#[SOLVED] Fetching from storage return 401 unauthorize with fetch

hello !

i'm trying to play a video stored on a storage bucket, where the bucket has the read permissions only for user with the premium label. I'm authenticated everything is working, i see the labels using account.get().

const url = storage.getFileView("videos", file_id); this call is working, i can get the url with url.href but when fetching it i get a 401 unauthorized.
Looking at the request (see attachment), no cookies or header to authenticate are sent, so it's normal that i get a 401.

everything was working before the cloud upgrade to v1.15, and i'm using createemailpasswordsession to auth.

how can i fetch the video file ?

thanks !

How do you fetch it? manually?

If so, because you're on localhost you won't get the cookies

yes

oh ok interesting, I'll look into it

Try using the SDK

it was working before the upgrade of the cloud version tho

I would like to, but there is not fetch function no ? just file download file view file preview, which just get a link

Can you share your code?

i'm using the nuxt-appwrite module. everything is working well, i can call private functions, account.get and such.
const url = storage.getFileView("videos", file_id); and then i'm using url.href as a src for a video html attribute, the same thing as a fetch, i'm looking at the network tab anyway.

i guess one way of doing it fetch with a special header or cookie ?

well it's working now no on a different computer

wtf

maybe corruped data from my laptop cookies something like that

thanks shrug

At least its working now

yes i'll see if it work on laptop

have a good day !

[SOLVED] Fetching a storage document that have permissions restrictions

update, the firefox session on my laptop doesn't work.

but a private tab work

Try to clear the storage for the website

i tried deleteing all data on firefox but still doesn't work on the instance

yep done that

from 3 different places lol

the only thing left is nuke the firefox profile

Oh yes

i'll try that last hope

One sec

but weird

like nothing was stored no cookies no pref and it still didn't work

Go to Firefox settings

And update the Cookies settings

whole afternoon on this, sometime i hate software lol

And try again

This is again, because you're using localhost
When you are in production, make sure your app and Appwrite share the same apex domain
You'll need to add a custom domain to your Appwrite project.

i've done that and didn't work

thanks !

if i don't find a fix for my laptop instance i'll nuke the firefox profile, thanks for the infos !

Is it like this?

Change it to be like this
And reload all tabs to test

Make sure to set it back to standard after as is it not safe at all

hey @hallow topaz sorry to bump you, there is no way to test fetch a bucket behind permissions without hosting it on a owned domain (localhost) ?

I'm not quite sure I've understand the issue can you elaborate?

i want to fetch (download the blob) of a document on a bucket that needs special permissions.
how can i test my code etc without having a custom domain for my website and appwrite ?

for now i don't have a domain as i'm building the website

So add a dummy domain in your /etc/hosts file and point it to 127.0.0.1

And add that domain in the console

ohh nice thank you

127.0.0.1 inspire
added inspire as a hostname in integrations > platform

dev server on http://inspire:3000

is there something else to do ?

or you meant as a custom domain ?

Yes

You'll need to add two domains

1. For the testing like you've done
2. Another subdomain for Appwrite itself

oh also appwrite.inspire on etc hosts ?

and use it as appwrite api url on my project

thanks !

Make sure both domains are of the same domain so

127.0.0.1 inspire.com
127.0.0.1 appwrite.inspire.com

cors fail

exactly that in my etc hosts

in network tab http://appwrite.inspire.com/account for example fails

my app is on http://inspire.com:3000/

same domain

the port doesn't matter i think

tried with https and tried with just inspire instaed of .com

this cors error https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSDidNotSucceed (link given by firefox)

oh well i'm dumb, of course appwrite.inspire.com doesn't work as it's now localhost.

So, now it works?

no

Where is your appwrite hosted?

cloud

https://cloud.appwrite.io/v1

tried 127.0.0.1 inspire.com cloud.appwrite.io appwrite.inspire.com

Ohhh
So create domain only for your localhost

127.0.0.1 test11111.appwrite.com

and add it as a pltform

i have a * in platform

127.0.0.1 inspire.appwrite.io in hosts

using https://cloud.appwrite.io/v1 as appwriten endpoint

don't work

And now try in incognito

cors works tho

You might have some cache

nop same with incognito, but maybe it's because the api call are https and my dev server http?

just to be on the same page, the problem is back to fetch not sending cookies or a auth header to the appwrite endpoint

update: no still doesn't work with both on https (tho the dev server don't have the same certificate)

Alright,
Let me check something

What is the error you're getting now?

while the call made with the appwrite sdk all works

and are on the same domain

btw if using the result.href on a video tag it works, but not with fetch

oh fuck me

Oh, I forgot you're doing it with fetch

Is that solved thte problem

i thought that would be it but no

still no cookies

await fetch(url, { credentials: "same-origin" }) where url is result.href

from storage.getfileview

IT WORKS

with include

await fetch(url, { credentials: "include" })

honestly i'm quite sad about all of this 😂

thanks a lot for all the help !

[SOLVED] Fetching from storage return 401 unauthorize with fetch

Great

it even works on localhost

with everything by default without custom hosts

Great
It means that it was able to save the cookies

yeah the only problem was fetch 🥹

i hate js why would that be a good default behaviour for fetch

It's for protection