Code-based nature means you can build on top of it to power anything.
Resources
DocumentationExamplesTemplatesGitHub
Community
RoadmapDiscordCommunity Help
Payload Cloud

Deploy your entire stack in one place with Payload Cloud.

LoginCloud Pricing
It’s time to take back your content infrastructure.
Schedule a Demo
Enterprise Features
SSOPublishing WorkflowsVisual EditorAI TranslationsAI Writing Assistant
Customer Stories
MicrosoftHello BelloHope NetworkTektonMy290
Featured Customer Story

Microsoft chose Payload to tell the world about AI.

Read the case study
New projectLogin
New projectLogin
Community Help

Images access forbidden

default discord avatar
adam-mroziklast year
1 2

Hey,

Probably something easy on my part, but for some reason I am getting below error on my frontend when trying to access images from CMS:

Forbidden: You are not allowed to perform this action.
    at new ExtendableError (/app/node_modules/.pnpm/payload@1.2.4_mwhvu7sfp6vq5ryuwb6hlbjfka/node_modules/payload/src/errors/APIError.ts:26:11)
    at new APIError (/app/node_modules/.pnpm/payload@1.2.4_mwhvu7sfp6vq5ryuwb6hlbjfka/node_modules/payload/src/errors/APIError.ts:43:5)
    at new Forbidden (/app/node_modules/.pnpm/payload@1.2.4_mwhvu7sfp6vq5ryuwb6hlbjfka/node_modules/payload/src/errors/Forbidden.ts:7:5)
    at executeAccess (/app/node_modules/.pnpm/payload@1.2.4_mwhvu7sfp6vq5ryuwb6hlbjfka/node_modules/payload/src/auth/executeAccess.ts:9:43)
    at processTicksAndRejections (node:internal/process/task_queues:95:5)
    at /app/node_modules/.pnpm/payload@1.2.4_mwhvu7sfp6vq5ryuwb6hlbjfka/node_modules/payload/src/auth/getExecuteStaticAccess.ts:14:28

All my collections are accessed using the same client and basic Authentication with JWT token.

Below is my Image Collection config:

export const Images: CollectionConfig = {
  slug: 'images',
  admin: {
    useAsTitle: 'filename',
  },
  upload: {
    staticURL: '/media',
    staticDir: 'media',
    adminThumbnail: 'thumbnail',
    mimeTypes: ['image/*'],
  },
  fields: [...
  ],
};

I am also using CloudStorage access for non-local application:

plugins: [
    cloudStorage({
      collections: {
        [Images.slug]: {
          adapter:
            process.env.AWS_ASSET_STORAGE_ENABLED === 'true' ? S3Adapter : null,
        },
      },
    })

Probably something easy, but I cannot locate it. All the other collections are normally retrieved.
What is even more strange is when I login to CMS via UI, images on Frontend start suddenly appearing (?)

  • Selected Answer
    discord user avatar
    JarrodMFlesch
    last year

    This makes sense, you should define a read access control on your image collection, like so:

    access: {
  read: () => true
}

    Access control defaults to checking if a user exists on the request, which is why they appear when you are logged in.

  • default discord avatar
    adam-mroziklast year

    Just a note, if anyone encounters it as well:

    While this might have been partially an issue as well, my main issue was oauthproxy wall I had on my Frontend and CMS. Weird that it only affected images, but lifting oauth wall from /images path did the trick

    Thanks for the answer though!

Open

Continue the discussion in GitHub

Star on GitHub

Star

Chat on Discord

Discord

online

Can't find what you're looking for?

Get help straight from the Payload team with an Enterprise License.