The Amplify cookies are same-site and I’m not sure if that is why they weren’t being included on the fetch to the API route but never-the-less, I instead pass them in the body and set them back in the header in the API route before passing the req to Amplify’s
withSSRContext
. I am still not sure about the cors setup or if it is even necessary.try { const cookies = document.cookie; const response = await fetch(`${url}/api/publish?slug=${slug}`, { method: 'POST', mode: 'no-cors', body: JSON.stringify(cookies), }); } catch (e) { console.error(e); }
// Amplify SSR configuration needs to be done within each API route Amplify.configure({ ...config, ssr: true }); export default async function handler(req, res) { req.headers['cookie'] = JSON.parse(req.body); const { Auth, API } = withSSRContext({ req }); ... let user; try { user = await Auth.currentAuthenticatedUser(); } catch (e) { return res.status(401).json({ message: 'You must be authenticated to publish' }); } ...