I'm enjoying using Payload CMS and Cloud so far! A lot to learn, but very powerful and promising platform!
I tried adding a custom domain for my backend with a subdomain 'backend' on a CNAME, as recommended by the platform. I've checked propagation and it looks good there, but for some reason, when I navigate with the custom domain, I get a loader that never goes away. The Payload Cloud-generated URL works just fine.
Maybe there's an admin security that I'm missing?
Thanks in advance
any insight on this?
Hey @dengusdanny , let me take a look
Can you provide your project ID from Settings -> Billing?
646ed86475c8b23268db88f0
Sorry for the late response
do you have a serverURL set?
and / or cors or csrf? if you open the network panel of your payload admin dashboard, i'm guessing you have some type of CORS error
i will check into your project specifically tomorrow with the team, but in the event you can troubleshoot further in the meantime, i would look at the browser console / network panel to see if you can identify what the issue is. my money is on a CORS issue for sure
make sure you whitelist your custom domain in both CORS and CSRF (including https)
I added it in the Payload config, but that didn't seem to make a difference
Woah, Chicago?
I lived there for much of my 20s. Anyway, we will look into this now for you
this is the error in your console
it's making a fetch to the default domain, from your custom domain
what is your serverURL set to?
haha it's a client
i'm trying to kill Wordpress in this industry forever with y'alls hardwork
hard work*
app is rebuilding now
it's working, i needed to add it to the CSRF as well
in the Cloud starter template, there are very clever ways y'all have written things and i didn't catch this
sorry for that
but I am genuinely impressed by everything y'all are doing at payload and i hope it flourishes
thanks again for the help
On a side note, in the Payload Cloud dashboard, the 'TRIGGER REDEPLOY' part is no longer showing the most recent commit to main branch, despite it having rebuilt. Build/deploy logs aren't showing and console has this:
the problem was fixed so i know it rebuilt, but just to flag that for you
@dengusdanny Thank you for the report. Looking into this now
Sorry to bother you all again, but for some reason, when I try to log in from the custom URL, rather than the Payload Cloud-generated URL, I get this message:
I've created an additional user account, but that doesn't seem to make a difference either.
If you ever see the "Unauthorized, you must be logged in to make this request" that means that your auth cookie is not being set or accepted correctly upon logging in.
Check the following settings in your config:
- cors - if you are using the '*', try to explicitly only allow certain domains instead including the one you have specified.
- csrf - do you have this set? if so, make sure your domain is whitelisted within the csrf domains. if not, probably not the issue, but probably can't hurt to whitelist it anyway
- cookie settings. if these are completely undefined, then that's fine. but if you have cookie domain set, or anything similar, make sure you don't have the domain misconfigured
basically, this error probably means that the auth cookie that Payload sets after logging in successfully is being rejected because of misconfiguration.
from there, here's how you can tell what the issue is:
1. Go to the login screen. open your inspector and go to the Network tab
2. Log in, and then find the login request that should appear in your network panel. Click the login request
3. The login request should have a Set-Cookie header on the response, and the cookie should be being set successfully. If it is not, most browsers generally have a little yellow ⚠️ symbol that you can hover over to see why the cookie was rejected
i'm guessing your login response cookie is getting rejected
go on cors, csrf, and no cookies set, here is the warning for the set-cookie in response header
ok so you are hitting the login endpoint at a different URL than the URL that is in your browser, and the cookie is treated as a third-party cookie, which is blocked
what is the URL of the login request and what is the URL of the admin panel in your browser
the request URL is the payload-generated one, but the response headers 'access-control-allow-origin' is the desired custom domain (backend.rahmforcongress.com)
how come the request url is the payload-generated one? that should be backend.rahmforcongress.com as well
check your config's serverURL
that should be backend.rahmforcongress.com - right?
so completely removed any mention of the payload generated url from the config whatsoever?
yes—if you are not using it to access your admin UI or APIs, and have a custom domain set up instead, then you should not have it present in your config
appears to be working, thanks again for your help and patiently answering my questions!
Just a heads up as well, when I push a change to the main branch the build logs show up for a bit then disappear, i'm happy to submit a report wherever needed
i think we've actually already fixed that! (fix is not live yet, but will be soon)
BUT if it continues to happen, yes, please do open an issue here:
https://github.com/payloadcms/website
@denolfe see above
thanks again