Improve CORS related docs #10332
Labels
documentation
Improvements or additions to documentation
Comments
|
@jacobsfletch should this really be closed? It might have been automated from merging the PR but I think there's still an outstanding action to document CORS for custom endpoints. What do you think? |
github-actions
bot
added
the
status: needs-triage
|
🚀 This is included in version v3.15.0 |
r1tsuu
added a commit
that referenced
this issue
Jan 21, 2025
Fixes #10332 Previously, the `cors` configuration wasn't respected for: - Custom endpoints without using `headersWithCors` which as described in #10332 is not documented. - Some of our endpoints like `/payload-jobs/run` or from plugins due to missing `headersWithCors` - https://github.com/payloadcms/payload/blob/592f02b3bf2241854202dec99ceb0c66a3fbf771/packages/payload/src/queues/restEndpointRun.ts#L82-L88 In 2.0, you didn't need `headersWithCors` and I think it's expected to handle this logic by default. This completely removes `headersWithCors` boilerplate from the all endpoints and instead, handles this logic at the end of `handleEndpoints` directly - https://github.com/payloadcms/payload/compare/fix/default-cors?expand=1#diff-82e97630068f9fc40256f3f46e06226215ab150d16012281810586b51b0cfd51 Also deprecates public export of `headersWithCors`
github-actions
bot
removed
the
status: needs-triage
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Documentation Issue
Me and my team are implementing an e-commerce product with two separate instances between back-end and front-end, CORS started to become an issue with v2 and now with v3 I couldn't for the life of me figure out what was going wrong, the docs briefly mention at Config Options you have the possibility to enable CORS and CSRF but these doesn't seem to work out of the box with custom Endpoints. Also https://payloadcms.com/docs/configuration/overview#cors seems to be broken since it doesn't lead anywhere on the site.
After many hours of digging I decided to checkout the repo and search everywhere for usages of CORS and came across
headersWithCorsat examples/multi-tenant/src/collections/Users/endpoints/externalUsersLogin.ts and finally these seem to have fixed the issue once and for all.Additional Details
If custom Endpoints are not part of the default cors handling by default that should be explicit on the related section of the docs and the alternate solution could be briefly mentioned with a link to a concrete example. I reckon not everyone is going to hit this issue but it's frustrating to not find this piece of info in an otherwise pristine documentation.
The text was updated successfully, but these errors were encountered: