
Cookies are not being sent in api requests #10337

Closed
@RPdvtPT

Description

Describe the Bug

Cookie is missing from Request Headers in Payload API requests:

cURL of /admin/collections/users/create while creating a new user

curl 'http://localhost:3000/admin/collections/users/create' \
  -H 'Accept: text/x-component' \
  -H 'Accept-Language: en-GB,en;q=0.9,en-US;q=0.8,pt;q=0.7,fr;q=0.6' \
  -H 'Cache-Control: no-cache' \
  -H 'Connection: keep-alive' \
  -H 'Content-Type: text/plain;charset=UTF-8' \
  -H 'Cookie: token=works' \
  -H 'DNT: 1' \
  -H 'Next-Action: ...' \
  -H 'Next-Router-State-Tree: ...' \
  -H 'Origin: http://localhost:3000' \
  -H 'Pragma: no-cache' \
  -H 'Referer: http://localhost:3000/admin/collections/users/create' \
  -H 'Sec-Fetch-Dest: empty' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'Sec-Fetch-Site: same-origin' \
  -H 'User-Agent: ...' \
  -H 'sec-ch-prefers-color-scheme: ...' \
  -H 'sec-ch-ua: ...' \
  -H 'sec-ch-ua-mobile: ...' \
  -H 'sec-ch-ua-platform: ...'

cURL of /admin/collections/users/create after clicking the save button

curl 'http://localhost:3000/api/users?depth=0&fallback-locale=null' \
  -H 'Accept: */*' \
  -H 'Accept-Language: en' \
  -H 'Cache-Control: no-cache' \
  -H 'Connection: keep-alive' \
  -H 'Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7tFmIRpnEkrJontY' \
  -H 'DNT: 1' \
  -H 'Origin: http://localhost:3000' \
  -H 'Pragma: no-cache' \
  -H 'Referer: http://localhost:3000/admin/collections/users/create' \
  -H 'Sec-Fetch-Dest: empty' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'Sec-Fetch-Site: same-origin' \
  -H 'User-Agent: ...' \
  -H 'sec-ch-prefers-color-scheme: ...' \
  -H 'sec-ch-ua: ...' \
  -H 'sec-ch-ua-mobile: ...' \
  -H 'sec-ch-ua-platform: ...'

Users collection and permissions:

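import type { AccessArgs, CollectionConfig } from 'payload'
// Assumed location of the generated types; the report does not show this import.
import type { User } from '@/payload-types'

type isAuthenticated = (args: AccessArgs<User>) => boolean

// Grants access only when the request carries an authenticated user.
const authenticated: isAuthenticated = ({ req: { user } }) => {
  console.log('isAuthenticated', user)
  return Boolean(user);
};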

export const Users: CollectionConfig = {
  slug: 'users',
  admin: {
    useAsTitle: 'email',
  },
  access: {
    admin: authenticated,
    create: authenticated,
    delete: authenticated,
    read: authenticated,
    update: authenticated,
  }
}

Link to the code that reproduces this issue

https://github.com/RPdvtPT/payload-strategy-test

Reproduction Steps

  • login with token
  • create a new user
  • save

Which area(s) are affected? (Select all that apply)

Not sure

Environment Info

Binaries:
  Node: 22.5.1
  npm: 10.8.2
  Yarn: 1.22.22
  pnpm: 9.12.3
Relevant Packages:
  payload: 3.11.0
  next: 15.1.2
  @payloadcms/db-mongodb: 3.11.0
  @payloadcms/graphql: 3.11.0
  @payloadcms/next/utilities: 3.11.0
  @payloadcms/richtext-lexical: 3.11.0
  @payloadcms/translations: 3.11.0
  @payloadcms/ui/shared: 3.11.0
  react: 19.0.0
  react-dom: 19.0.0
Operating System:
  Platform: darwin
  Arch: arm64
