Hi, great content as usual. I am currently facing an issue with pocketbase. I am getting a cors error when trying to access images in my nuxt app. pocketbase is hosted on hetzner and both the app and pocket base have the same domain thanks
Reach out to me on X with more info. Where is the FE hosted? How are you hosting pocketbase on hetzner? Is it dockerized? What images are you accessing are they stored as files or urls in PocketBase as part of a collection? Here is a quick test you can run to determine if PocketBase or not - spin up a PocketBase instance on PocketHost with a similar collection (this will have a different domain) and see if you get the same issue. 90% sure that the reason cors will not be happy with you is because you can't have requests with the same origin If you are want to turn off cors on your browser there are some good extensions. Again DM me on X on this as I can help you more
Yeah, and then someone hacks into your admin panel because it's only a username and password that protect your whole backend and steals API keys to 3rd party services...
@@earlymorningdev I know I’m commenting on this 3 months down the line, but I think they’re alluding to the fact that the Pocketbase Admin Dashboard is only protected by username and password, not 2FA. As someone else has already pointed out, there are many solutions including disabling the dashboard. A major feature of Pocketbase is that it can be used as a framework; it’s somewhat trivial to remove the dashboard. It’s also perfectly feasible to add 2FA using the framework. Alternatively, protect the dashboard with something like Cloudflare, where you can add 2FA or use allowed IP addresses only, with a few clicks.
5:20 we're not concerned with authentication here
Me: bro, that's precisely the title thumbnail of this video.
Yeah my bad I meant "Authorisation"
Hi, great content as usual.
I am currently facing an issue with pocketbase. I am getting a cors error when trying to access images in my nuxt app. pocketbase is hosted on hetzner and both the app and pocket base have the same domain
thanks
Reach out to me on X with more info.
Where is the FE hosted?
How are you hosting pocketbase on hetzner? Is it dockerized?
What images are you accessing are they stored as files or urls in PocketBase as part of a collection?
Here is a quick test you can run to determine if PocketBase or not - spin up a PocketBase instance on PocketHost with a similar collection (this will have a different domain) and see if you get the same issue. 90% sure that the reason cors will not be happy with you is because you can't have requests with the same origin
If you are want to turn off cors on your browser there are some good extensions. Again DM me on X on this as I can help you more
It's a good video, but the background music is so annoying that I watched it on mute.
Noted will be sure to not include in future vids
Yeah, and then someone hacks into your admin panel because it's only a username and password that protect your whole backend and steals API keys to 3rd party services...
I didn't understand your point there :)
@greendsnow then put the panel behind a vpn, restrict to specific IPs, or just disable the panel.... ???
@@alphaneo9198 /api/admins endpoint is still available.
@@earlymorningdev I know I’m commenting on this 3 months down the line, but I think they’re alluding to the fact that the Pocketbase Admin Dashboard is only protected by username and password, not 2FA.
As someone else has already pointed out, there are many solutions including disabling the dashboard.
A major feature of Pocketbase is that it can be used as a framework; it’s somewhat trivial to remove the dashboard. It’s also perfectly feasible to add 2FA using the framework. Alternatively, protect the dashboard with something like Cloudflare, where you can add 2FA or use allowed IP addresses only, with a few clicks.