#Forbidden access to read => true collection

Not sure if this is a stupid question as this should be something easy to do but i am having trouble fetching images in the frontend.
The media collection permits access to anyone but when i try this in an img tag :

 src={`http://localhost:3001${image.url}`}

I can only get the image when i am logged in, otherwise i get this error :

Forbidden: You are not allowed to perform this action. 

/home/app/node_modules/payload/src/auth/getExecuteStaticAccess.ts:59:19

processTicksAndRejections (node:internal/process/task_queues:95:5)

Here is my Media collection:

const Media: CollectionConfig = {
  slug: 'media',
  access: {
    read: () => true,
  },
  fields: [
    {
      name: 'alt',
      type: 'text',
    },
  ],
  upload: {
    staticURL:'/media',
    staticDir: path.resolve(__dirname, '../media'),
  },
}

Here is my config

dotenv.config({
  path: path.resolve(__dirname, '../.env'),
})

export default buildConfig({
  collections: [Users, Tenants, Pages, Team, Media],
  admin: {
    user: 'users',
    autoLogin: {
      email: '[email protected]',
      password: 'demo',
      prefillOnly: true,
    },
    bundler: webpackBundler(),
    webpack: config => ({
      ...config,
      resolve: {
        ...config.resolve,
        alias: {
          ...config.resolve.alias,
          dotenv: path.resolve(__dirname, './dotenv.js'),
        },
      },
    }),
  },
  editor: slateEditor({}),
  db: mongooseAdapter({
    url: process.env.DATABASE_URI,
  }),
  typescript: {
    outputFile: path.resolve(__dirname, 'payload-types.ts'),
  },
})

What am I doing wrong?

I also have this issue? Did you found a solution? also ont he media collection

It is something in the code. Maybe somehow im still in a debug mode

        if (!result) {
            if (!operation.disableErrors) throw new _errors.Forbidden(operation.req.t);
        }

I couldn't find what was wrong, I "solved" it by just copying the examples on the payload docs and building from there. Still have no idea why it failed.

Even with the access example from Payload, I still received this error, mainly in a production app. Wish this wasn’t marked as ‘solved’ as I posted about this 2 weeks ago with no answer. I have used Payload’s access control for many apps but for some reason I have noted it isn’t as consistent with static asset access control mainly when I use Payload Cloud services.

@waxen kindle I can try to help

I appreciate it for sure. Although it does make sense that he has it marked as solved for his scenario. I do have post here is you have time to take a look. No problem if not. https://discord.com/channels/967097582721572934/1213973965559566357

I also have a custom logo component on the login page.

the logo.svg file is in the src/media folder and it was available for the public.

I made some changes to a specific collection that also has an upload field. I've made it to bind to a user

After that change the media collection is broken and the logo.svg is not accessable to the public only with a random account token