I’m trying to access ...com/memebers/api/member from an external website to show/hide gated content on another site.
I’ve updated the CORS settings to accept requests from the given domain, but continue to receive a 204 error.
After some further digging I looked into the members middleware.js file if there were any solutions and wondering the responses is being blocked in the cored .js code.
AND/OR is this even possible?
I’m brand new to Ghost, and really crossing my fingers that this can be the long term membership solution I’m looking for. This is the last hurdle that would make Ghost my solution of choice.
Can you say a little more about your flow? Where are requests coming from/to?
From memory when I did this last, I think I had js running in the browser on the Ghost site that made a post to the non-Ghost site (whose CORS settings you hopefully control?), and then the back end on the non-Ghost site did the validation by talking to the Ghost api.
Attempting to send a request via Netlify function on the external website to members/api/member
I have ghost installed through Digital Ocean, so have fun control of CORS on both ends.
I have verified that I’m logged into the Ghost website as a user and can successfully access members/api/member in the browser but continue to get a 204 response making requests.
Yeah, that’s not going to work unless you’ve somehow got the user’s cookie.
Instead, send the user to Ghost, have their browser get the result of /members/api/session/ and post it to your other server. Your other server can get the key for validating the jwt from /members/.well-known/jwks.json, and check that what the user’s browser has sent is correct. Then your other server can return a token/cookie that your other server uses to get them logged in.
