I'm struggling a bit to get my publish instance working properly with AEM + CIF (1.10.0) + Venia + Magento. Everything works properly in author - I can view products, add to cart, and complete checkout. My commerce config path is set as /api/graphql.
The problem is that in publish, I'm getting a 403 error when it attempts to hit the graphql endpoint:
I have set up the COMMERCE_ENDPOINT environment variable and this is working as expected in author.
I checked the CSRF configuration and by default it only has the /graphql endpoint listed as ignoring CSRF, so I'm assuming that the publish endpoint cannot just be /api/graphql. I tried adding /api/graphql to the CSRF config just for fun, but that didn't fix it.
So my question is, in order for publish to work, do I have to set up a proxy and update my config in author (and then publish it) using that URL instead? I actually tried changing the URL to hit Magento directly, but of course I get a CORS error, so there obviously needs to be a proxy somewhere...I just thought AEM could handle it internally for publish like it does for author. Does anyone know if I absolutely need to set up a proxy for publish? Even if I do use a proxy, I'm assuming I would want to use the dispatcher as my proxy so that I don't run into the CORS issue there too, and to avoid a second proxy, right?
I've tried scouring the docs but they all speak primarily to author, with almost nothing at all for how the publish setup differs. The only thing I see is the following, which seems to indicate that AEM publish should function as it's own proxy the same way author does:
Example Mac OSX:
Thanks in advance!
Are you logging in on the publisher first? If not, I would check the Sling Authentication Service in the OSGi console is set to allow Anonymous access. https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-sites-locked-for-anony...