"Payload has transformed the way our clients manage content. It's an indispensable tool for any modern agency."
Microsoft chose Payload to tell the world about AI.
Live Preview and CSRF
Hi all,
I'm trying to get Live Preview running with 2 different domains, both hosted on Azure.
Everything is working fine
but requests on collections that need authentication.
I think the issue might be coming from the fact that these requests don't have any cookies in their headers.
Here's my setup:
- PayloadCMS running on Azure Web App
- Nuxt app running on Azure Web app
- Cors/Csrf configured in payload.config.ts
- Cors configured on Azure Web App CORS
- Latest version of PayloadCMS and Nuxt
- Using latest version of @payload/live-preview
Hope you can help me ^^
I have a similar issue with the exception that I'm working on Google infrastructure: the application that implements live preview runs on Firebase and Payload on Cloud Run (different domains). I've tried to follow the instructions on setting up CORS and CSRF closely and everything run smoothly locally, but when I deploy the apps and try to use live preview for my collection, I'm getting response 403 from Payload when fetching relationships. I'm suspecting this is some sort of cookie sharing issue between sites (see attached screenshot), but I don't know how to solve it.
Can live preview even work if Payload and the preview app run in two completely different domains?
I found out that I can edit cookie options in my Users collection like so:
const Users: CollectionConfig = { slug: "users", auth: { useAPIKey: true, cookies: { secure: true, sameSite: "none", }, }, ...This seemed to fix the issue for me, hope this helps someone else too!
TY for posting your solution
Let us know if you run into any more issues
Star
Discord
online
Get dedicated engineering support directly from the Payload team.