Cookies are not being sent in api requests #10337

Open
RPdvtPT opened this issue Jan 3, 2025 · 0 comments
Labels
status: needs-triage Possible bug which hasn't been reproduced yet

RPdvtPT commented Jan 3, 2025

Describe the Bug

Cookie is missing from Request Headers in Payload API requests:

cURL of /admin/collections/users/create while creating a new user

curl 'http://localhost:3000/admin/collections/users/create' \
  -H 'Accept: text/x-component' \
  -H 'Accept-Language: en-GB,en;q=0.9,en-US;q=0.8,pt;q=0.7,fr;q=0.6' \
  -H 'Cache-Control: no-cache' \
  -H 'Connection: keep-alive' \
  -H 'Content-Type: text/plain;charset=UTF-8' \
  -H 'Cookie: token=works' \
  -H 'DNT: 1' \
  -H 'Next-Action: ...
  -H 'Next-Router-State-Tree: ...
  -H 'Origin: http://localhost:3000' \
  -H 'Pragma: no-cache' \
  -H 'Referer: http://localhost:3000/admin/collections/users/create' \
  -H 'Sec-Fetch-Dest: empty' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'Sec-Fetch-Site: same-origin' \
  -H 'User-Agent: ...
  -H 'sec-ch-prefers-color-scheme: ...
  -H 'sec-ch-ua: ...
  -H 'sec-ch-ua-mobile: ...
  -H 'sec-ch-ua-platform: ...

cURL of /admin/collections/users/create after clicking the save button

curl 'http://localhost:3000/api/users?depth=0&fallback-locale=null' \
  -H 'Accept: */*' \
  -H 'Accept-Language: en' \
  -H 'Cache-Control: no-cache' \
  -H 'Connection: keep-alive' \
  -H 'Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7tFmIRpnEkrJontY' \
  -H 'DNT: 1' \
  -H 'Origin: http://localhost:3000' \
  -H 'Pragma: no-cache' \
  -H 'Referer: http://localhost:3000/admin/collections/users/create' \
  -H 'Sec-Fetch-Dest: empty' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'Sec-Fetch-Site: same-origin' \
  -H 'User-Agent: ...
  -H 'sec-ch-prefers-color-scheme: ...
  -H 'sec-ch-ua: ...
  -H 'sec-ch-ua-mobile: ...
  -H 'sec-ch-ua-platform: ...

Users collection and permissions:

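import type { AccessArgs, CollectionConfig } from 'payload'
// `User` is the generated collection type from the project's Payload types file.

type isAuthenticated = (args: AccessArgs<User>) => boolean

// Grants access only when Payload resolved a user for the request.
const authenticated: isAuthenticated = ({ req: { user } }) => {
  console.log('isAuthenticated', user)
  return Boolean(user);
};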

export const Users: CollectionConfig = {
  slug: 'users',
  admin: {
    useAsTitle: 'email',
  },
  access: {
    admin: authenticated,
    create: authenticated,
    delete: authenticated,
    read: authenticated,
    update: authenticated,
  }
}

Link to the code that reproduces this issue

https://github.com/RPdvtPT/payload-strategy-test

Reproduction Steps

  • login with token
  • create a new user
  • save

Which area(s) are affected? (Select all that apply)

Not sure

Environment Info

Binaries:
  Node: 22.5.1
  npm: 10.8.2
  Yarn: 1.22.22
  pnpm: 9.12.3
Relevant Packages:
  payload: 3.11.0
  next: 15.1.2
  @payloadcms/db-mongodb: 3.11.0
  @payloadcms/graphql: 3.11.0
  @payloadcms/next/utilities: 3.11.0
  @payloadcms/richtext-lexical: 3.11.0
  @payloadcms/translations: 3.11.0
  @payloadcms/ui/shared: 3.11.0
  react: 19.0.0
  react-dom: 19.0.0
Operating System:
  Platform: darwin
  Arch: arm64
RPdvtPT added the labels status: needs-triage and validate-reproduction on Jan 3, 2025
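
A triage aid for the two captures in the report above, as an added example that is not part of the issue or the Payload code base: it parses "Copy as cURL" text, lists the header names that differ, and flags a same-origin request that carries no Cookie header. The helper names are hypothetical and the captures are abridged from the ones in the report.

```javascript
// Added example (not from the issue or the Payload code base).
// Both captures are abridged from the two "Copy as cURL" dumps in the report;
// the truncated "Next-Action: ..." line is kept to show it still parses.
const pageCapture = [
  "curl 'http://localhost:3000/admin/collections/users/create' \\",
  "  -H 'Accept: text/x-component' \\",
  "  -H 'Cookie: token=works' \\",
  "  -H 'Next-Action: ...",
  "  -H 'Origin: http://localhost:3000' \\",
  "  -H 'Sec-Fetch-Site: same-origin' \\",
].join('\n');

const apiCapture = [
  "curl 'http://localhost:3000/api/users?depth=0&fallback-locale=null' \\",
  "  -H 'Accept: */*' \\",
  "  -H 'Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7tFmIRpnEkrJontY' \\",
  "  -H 'Origin: http://localhost:3000' \\",
  "  -H 'Sec-Fetch-Site: same-origin' \\",
].join('\n');

// Parse the URL and -H headers; tolerate a missing closing quote or backslash.
function parseCurl(text) {
  const url = (text.match(/curl\s+'([^']+)'/) || [])[1] || null;
  const headers = new Map();
  for (const line of text.split('\n')) {
    const m = line.match(/-H\s+'([^:]+):\s*(.*)$/);
    if (m) headers.set(m[1].trim().toLowerCase(), m[2].replace(/'?\s*\\?\s*$/, ''));
  }
  return { url, headers };
}

// Header names present in one capture but not the other, sorted.
function diffHeaderNames(a, b) {
  const only = (x, y) => [...x.headers.keys()].filter((k) => !y.headers.has(k)).sort();
  return { onlyInFirst: only(a, b), onlyInSecond: only(b, a) };
}

// True when the request targets its own origin yet carries no Cookie header.
function sameOriginWithoutCookie(req) {
  return new URL(req.url).origin === req.headers.get('origin') && !req.headers.has('cookie');
}

const page = parseCurl(pageCapture);
const api = parseCurl(apiCapture);
console.log(diffHeaderNames(page, api));
console.log('page:', sameOriginWithoutCookie(page), 'api:', sameOriginWithoutCookie(api));
```

With no Cookie header on the `/api/users` request, `req.user` has nothing to be resolved from, so the `authenticated` access function in the report returns false for `create`.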