Simplify your stack and build anything. Or everything.
Build tomorrow’s web with a modern solution you truly own.
Code-based nature means you can build on top of it to power anything.
It’s time to take back your content infrastructure.

Using a custom domain to point to cloud run instance hosting payload server not allowing auth

default discord avatar
andyteecf2 years ago
14

Hey Payload team,



I'm currently hosting my payload server on a google cloud run instance, i am using firebase hosting to point a custom domain to the end point, upon login in with an admin account I get the error "Unauthorized, you must be logged in to make this request. You are not allowed to access this page".



When i use the direct url for the endpoint provided from google cloud run with the same payload admin account it works.



@946299884070375424

My investigation so far... does the

serverURL

need to be the exact domain and not a hosted url? docs found here

https://payloadcms.com/docs/configuration/overview#using-environment-variables-in-your-config

@364124941832159242

hey sorry for the tag, just needed some help here since the threads going stale 🙂

  • discord user avatar
    jmikrut
    2 years ago

    yes, the serverURL needs to be the actual URL (with https) that you access the Payload admin with



    you should also be able to leave it undefined if you don't know the serverURL - BUT if you do leave it undefined, then you need to whitelist the domains you'll be using in the

    csrf

    property of the Payload config



    because we only accept auth cookies from either serverURL or explicitly whitelisted domains in csrf array



    for security reasons

  • default discord avatar
    andyteecf2 years ago

    cc:

    @946299884070375424

    thank you and appreciate you getting to this question

  • default discord avatar
    mrl72 years ago

    Thanks

    @364124941832159242

    , that helped me out also.

  • discord user avatar
    jmikrut
    2 years ago

    of course! 💸

  • default discord avatar
    andyteecf2 years ago
    @364124941832159242

    hey adding in the serverURL didn't work, do we have to add it both to

    serverURL

    and the

    csrf

    @178109250806087680

    did it work for you?

  • default discord avatar
    mrl72 years ago

    All I had to do was add the serverURL in and make sure that matches the URL where you are hosting the application.

  • default discord avatar
    andyteecf2 years ago

    do you know if it supports the subdomain



    or the actual base domain

    @178109250806087680
  • default discord avatar
    mrl72 years ago

    It supports subdomains. So if your url is

    https://cms.mywebsite.com

    then that is what you need to enter into the serverURL

  • default discord avatar
    andyteecf2 years ago

    ah thank you

    @178109250806087680

    it still doesnt work for us - maybe it might be something to do with firebase hosting a cloud run instance

  • default discord avatar
    mrl72 years ago

    Do you have the url set in the .env files?

  • default discord avatar
    andyteecf2 years ago

    yep - set in the .env files on cloud run

  • default discord avatar
    mrl72 years ago

    I'm not super clued up on Firebase hosting but if you can access the logs when it is building, you should be able to see where the serverUrl is pointing to. Or you can check the browser console to see where the API calls are being made to

  • default discord avatar
    andyteecf2 years ago

    sweet, for now i just redirected it to the main url on the firebase hosting



    so atleast its friendly to remember



    that works for now



    @178109250806087680

    thanks

  • default discord avatar
    mrl72 years ago

    All good 🙂

Star on GitHub

Star

Chat on Discord

Discord

online

Can't find what you're looking for?

Get dedicated engineering support directly from the Payload team.