Improve CORS related docs #10332

Closed
Danil0v3s opened this issue Jan 3, 2025 · 3 comments · Fixed by #10333 or #10597
Labels
documentation Improvements or additions to documentation

Comments

@Danil0v3s
Contributor

Documentation Issue

My team and I are implementing an e-commerce product with two separate instances between back-end and front-end. CORS started to become an issue with v2, and now with v3 I couldn't for the life of me figure out what was going wrong. The docs briefly mention at Config Options that you have the possibility to enable CORS and CSRF, but these don't seem to work out of the box with custom Endpoints. Also, https://payloadcms.com/docs/configuration/overview#cors seems to be broken since it doesn't lead anywhere on the site.

After many hours of digging I decided to check out the repo and search everywhere for usages of CORS, and came across `headersWithCors` at `examples/multi-tenant/src/collections/Users/endpoints/externalUsersLogin.ts`, and finally this seems to have fixed the issue once and for all.

Additional Details

If custom Endpoints are not part of the default CORS handling by default, that should be explicit in the related section of the docs, and the alternate solution could be briefly mentioned with a link to a concrete example. I reckon not everyone is going to hit this issue, but it's frustrating to not find this piece of info in an otherwise pristine documentation.

@Danil0v3s Danil0v3s added the documentation Improvements or additions to documentation label Jan 3, 2025
@Danil0v3s
Contributor Author

@jacobsfletch should this really be closed? It might have been automated from merging the PR but I think there's still an outstanding action to document CORS for custom endpoints. What do you think?

@jacobsfletch jacobsfletch reopened this Jan 6, 2025
@github-actions github-actions bot added the status: needs-triage Possible bug which hasn't been reproduced yet label Jan 6, 2025
Contributor

github-actions bot commented Jan 7, 2025

🚀 This is included in version v3.15.0

r1tsuu added a commit that referenced this issue Jan 21, 2025
Fixes #10332

Previously, the `cors` configuration wasn't respected for:
- Custom endpoints without using `headersWithCors` which as described in
#10332 is not documented.
- Some of our endpoints like `/payload-jobs/run` or from plugins due to
missing `headersWithCors` -
https://github.com/payloadcms/payload/blob/592f02b3bf2241854202dec99ceb0c66a3fbf771/packages/payload/src/queues/restEndpointRun.ts#L82-L88

In 2.0, you didn't need `headersWithCors` and I think it's expected to
handle this logic by default.
This completely removes the `headersWithCors` boilerplate from all
endpoints and instead handles this logic at the end of
`handleEndpoints` directly -
https://github.com/payloadcms/payload/compare/fix/default-cors?expand=1#diff-82e97630068f9fc40256f3f46e06226215ab150d16012281810586b51b0cfd51

Also deprecates public export of `headersWithCors`
@github-actions github-actions bot removed the status: needs-triage Possible bug which hasn't been reproduced yet label Jan 21, 2025
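
The design change the commit message describes (CORS headers applied once at the end of the dispatcher instead of inside each endpoint), sketched as an added example that is not part of this thread and is not Payload's code. `applyCors`, `dispatch`, the sample endpoint and the origins are hypothetical, and Node 18+ is assumed for the global `Headers` and `Response`.

```javascript
// Added illustration only; not Payload's source. All names here are hypothetical.

// `cors` is either '*' or an array of exact origins (an allow-list).
function applyCors(headers, origin, cors) {
  if (!cors) return headers;
  if (cors === '*') {
    headers.set('Access-Control-Allow-Origin', '*');
  } else if (origin && cors.includes(origin)) {
    headers.set('Access-Control-Allow-Origin', origin);
    headers.append('Vary', 'Origin'); // response now differs per Origin
  } else {
    return headers; // unlisted origin: no CORS headers, so the browser blocks the read
  }
  headers.set('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE, OPTIONS');
  headers.set('Access-Control-Allow-Headers', 'Content-Type, Authorization');
  return headers;
}

// Central dispatcher: CORS is applied after the handler for every endpoint,
// so a custom endpoint cannot forget it.
async function dispatch(endpoints, req, cors) {
  const origin = req.headers.get('origin');
  if (req.method === 'OPTIONS') { // preflight never reaches a handler
    return new Response(null, { status: 204, headers: applyCors(new Headers(), origin, cors) });
  }
  const match = endpoints.find((e) => e.path === req.path && e.method === req.method);
  const res = match
    ? await match.handler(req)
    : new Response(JSON.stringify({ message: 'Not Found' }), { status: 404 });
  return new Response(res.body, {
    status: res.status,
    headers: applyCors(new Headers(res.headers), origin, cors),
  });
}

// Constructed sample: a custom endpoint whose handler contains no CORS code at all.
const sampleEndpoints = [{
  path: '/api/cart/total',
  method: 'GET',
  handler: async () => new Response(JSON.stringify({ total: 42 }), {
    headers: { 'Content-Type': 'application/json' },
  }),
}];
const sampleCors = ['https://shop.example']; // constructed front-end origin
const makeReq = (method, origin) => ({
  method, path: '/api/cart/total', headers: new Headers(origin ? { origin } : {}),
});
```

With the header logic in one place, the allow-list check and the `Vary: Origin` header are applied uniformly, including to the preflight and 404 paths.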
Contributor

This issue has been automatically locked.
Please open a new issue if this issue persists with any additional detail.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 22, 2025