I have set up Ghost using Ghost CLI version 2.21.1. I am using Ghost as a headless CMS. My Ghost is installed at example . com and I am consuming the Content API from mycmsexample . com, which is working correctly.
Now I am building the admin part of the CMS and I am having an issue related to authentication. I am using fetch, something like this:

    // Log in: create an admin session
    const host = "example . com";
    const path = "ghost/api/v2/admin/session/";
    const url = host + path;
    fetch(url, {
      headers: {
        "Content-Type": "application/json",
        Origin: "mycmsexample . com"
      },
      credentials: "include",
      method: "POST",
      body: JSON.stringify({
        username: this.state.user,
        password: this.state.pass
      })
    });

In Chrome DevTools I can see the cookie with ghost-admin-api-session - {token}.
In the Chrome DevTools response headers I am not able to see the Set-Cookie header.
After this I am doing a POST request to create a post.

    // Create a post using the session cookie
    const host = "example . com";
    const path = "ghost/api/v2/admin/posts/";
    const params = "?source=html";
    const url = host + path + params;
    fetch(url, {
      headers: {
        Accept: "application/json",
        "Content-Type": "application/json",
        Origin: "mycmsexample . com"
      },
      credentials: "include",
      method: "POST",
      body: JSON.stringify({
        posts: [
          {
            title: this.state.title,
            html: markup,
            tags: this.state.tags,
            authors: "authorname",
            status: "published"
          }
        ]
      })
    })

In this fetch request I am getting 403 Forbidden.
I am also using the Node.js cors library installed on Ghost, and the Ghost Express server has these settings:

    // CORS middleware settings on the Ghost Express app
    const cors = require("cors");
    var corsOptions = {
      origin: "mycsmexample . com",
      credentials: true,
    };
    parentApp.use(cors(corsOptions));
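
Both requests in the post are cross-origin fetches with credentials: "include" and a JSON Content-Type, so the browser applies the credentialed CORS rules to the preflight and to the response. As an added example (not part of the original post and not Ghost's code), this sketch applies those rules to constructed header sets; the origin https://cms.example and all function names are assumptions.

```javascript
// Added example (not from the original post). Origins and header sets are
// constructed sample values; function names are hypothetical.

// Lower-case header names so lookups are case-insensitive.
const lower = (headers) =>
  Object.fromEntries(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));

// A serialized origin is scheme://host[:port]; a bare hostname is not one.
function isSerializedOrigin(value) {
  try {
    return new URL(value).origin === value;
  } catch {
    return false;
  }
}

// CORS check a browser applies to a response when credentials: "include".
function checkCredentialedCors(requestOrigin, responseHeaders) {
  const h = lower(responseHeaders);
  const allow = h["access-control-allow-origin"];
  const problems = [];
  if (allow === undefined) problems.push("no Access-Control-Allow-Origin");
  else if (allow === "*") problems.push("wildcard origin not accepted with credentials");
  else if (!isSerializedOrigin(allow)) problems.push(`"${allow}" is not scheme://host[:port]`);
  else if (allow !== requestOrigin) problems.push(`"${allow}" does not equal the request origin`);
  if (h["access-control-allow-credentials"] !== "true")
    problems.push('Access-Control-Allow-Credentials is not "true"');
  return problems;
}

// Preflight check: every non-safelisted request header (here Content-Type:
// application/json) must be named; "*" is taken literally with credentials.
function checkPreflight(requestOrigin, unsafeHeaders, preflightHeaders) {
  const problems = checkCredentialedCors(requestOrigin, preflightHeaders);
  const allowed = (lower(preflightHeaders)["access-control-allow-headers"] || "")
    .split(",").map((s) => s.trim().toLowerCase());
  for (const name of unsafeHeaders)
    if (!allowed.includes(name.toLowerCase())) problems.push(`header ${name} not allowed`);
  return problems;
}

// Constructed samples: the admin front end's origin and two preflight responses.
const pageOrigin = "https://cms.example";
const bareHostname = { "Access-Control-Allow-Origin": "cms.example",
  "Access-Control-Allow-Credentials": "true", "Access-Control-Allow-Headers": "*" };
const exactOrigin = { "Access-Control-Allow-Origin": "https://cms.example",
  "Access-Control-Allow-Credentials": "true", "Access-Control-Allow-Headers": "Content-Type" };
console.log(checkPreflight(pageOrigin, ["Content-Type"], bareHostname));
console.log(checkPreflight(pageOrigin, ["Content-Type"], exactOrigin));
```

A failure of these checks shows up in the browser as a blocked request rather than an HTTP status, so it is separate from a 403 returned by the server itself.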