Hi, I deployed my payload-cms to docker on a vps, but after the first user registration I don't have access to anything. Everything works fine, no other errors in the container logs, but I can't create any new data in the collection due to "ERROR (payload): Forbidden: You are not allowed to perform this action".
This only happens in a production environment, but running yarn serve on a local machine doesn't present any problems.
Payload version: 1.5.9
Hello, in my case someone helped me and changed the csrf that must follow the prefix connection type if it's http or https and now seems to work flawlessly!
Hey @eduhdev12 — this is probably related to one of two things:
csrf settings to allow the cookie to be read while on your production domain.
I'll convert this to a discussion to keep conversation going as this is not a problem with Payload itself, but I'm more than happy to help!
Thank you for these details, but sadly the csrf setting didn't fix the issue and I can confirm that cookie header is present in request!
cookie: payload-token=jwt
The decoded jwt payload is good, but still no new results!
I really want to fix this issue, it's very important
This is the whole console log if it helps
[16:28:49] ERROR (payload): Forbidden: You are not allowed to perform this action.
at new ExtendableError (/usr/src/app/node_modules/payload/dist/errors/APIError.js:22:15)
at new APIError (/usr/src/app/node_modules/payload/dist/errors/APIError.js:38:9)
at new Forbidden (/usr/src/app/node_modules/payload/dist/errors/Forbidden.js:10:9)
at executeAccess (/usr/src/app/node_modules/payload/dist/auth/executeAccess.js:9:23)
at processTicksAndRejections (internal/process/task_queues.js:95:5)
at async create (/usr/src/app/node_modules/payload/dist/collections/operations/create.js:37:9)
at async createHandler (/usr/src/app/node_modules/payload/dist/collections/requestHandlers/create.js:12:21)
This sounds like the same issue that I'm running into (link to my discussion).
Related, the deployment docs are 404.
Have you managed to fix it?
Nope () => true to be able to make updates. So for now I'm just setting everything to () => true while I make updates, then immediately resetting it back to isAdmin/etc. once I'm done making edits. Or just editing locally, as I'm also only seeing this happen in the prod environment, localhost works as expected.
For me () => true is not working at all in production, just on local env
Your payload.config.ts has this line in it yes?
serverURL: process.env.PAYLOAD_PUBLIC_BASE_DNS
And your PAYLOAD_PUBLIC_BASE_DNS includes your UN+PW yes? MongoDB Atlas will look like this:
mongodb+srv://{username}&{password}@{dbname}.ntzanfx.mongodb.net/?retryWrites=true&w=majority
BTW, the only tutorial I could find about hosting PayloadCMS was at Northflank. I'm running into a similar issue that you are, but I was able to get a bit further. And, it's free for something as simple as a POC.
I am trying to see if the serverURL is the issue, but I am sure that mongodb is working because I tried to change something manually in database and it's reading the date, the problem is writing new data
Do you include in the serverURL the http/https method?
https
I made a little progress, now () => true works good, but any access guard or checking if user is undefined is not working at all, doing requests from the cms and I get the user as undefined all the time
Are you using a docker container? It sounds like you're in basically the same situation that I am now, and I'm wondering how close our projects are.
My hosting environment is running a docker container. And I'm wondering if it's the docker container that's causing these auth issues.
Also, do you have any csrf and/or cors settings in your payload.config.ts?
Yes, I am using a normal docker container and csrf, cors: "*", sometimes it makes a double call to create access and the first one is undefined and the second one contains the user, but the error comes up without any action.
Yup, that's what I'm seeing as well. I have my csrf and cors locked to my environment, but otherwise we seem to have the same setup and are seeing the same thing happen.
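
The csrf fix mentioned earlier in this thread (each entry carrying its http:// or https:// prefix) can be checked mechanically before deploying. This is an added example, not code from the thread or from Payload; it assumes allow-list entries are compared to the browser's Origin header as exact strings, and cms.example.com and the function names are constructed for illustration.

```javascript
// Added example: audit a csrf allow-list like the one discussed in this thread.
// Assumption: each entry is compared to the Origin header as an exact string.
// A browser Origin is scheme://host[:port], lowercase, no path, no default port.

function auditCsrfEntry(entry) {
  const problems = [];
  if (!/^https?:\/\//i.test(entry)) {
    problems.push('missing http:// or https:// prefix');
    return problems;
  }
  let url;
  try {
    url = new URL(entry);
  } catch {
    problems.push('not a parseable URL');
    return problems;
  }
  // Catches trailing slashes, paths, upper-case hosts and explicit :443 / :80.
  if (url.origin !== entry) {
    problems.push(`not a bare origin; use "${url.origin}"`);
  }
  return problems;
}

// matched is true only when requestOrigin equals one entry exactly.
function auditCsrfList(csrf, requestOrigin) {
  const report = csrf.map((entry) => ({ entry, problems: auditCsrfEntry(entry) }));
  return { matched: csrf.includes(requestOrigin), report };
}

// Constructed sample values: the admin UI is served over https in production.
const productionOrigin = 'https://cms.example.com';
const before = ['cms.example.com', 'https://cms.example.com/'];
const after = ['https://cms.example.com'];

for (const [label, list] of [['before', before], ['after', after]]) {
  const { matched, report } = auditCsrfList(list, productionOrigin);
  console.log(label, 'origin allowed:', matched);
  for (const { entry, problems } of report) {
    console.log('  ', entry, problems.length ? problems.join('; ') : 'ok');
  }
}
```

Running it against the production origin shows that an entry without the scheme, or with a trailing slash, never matches even though it looks correct in the config file.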