Strapi Version: 4.5.5
Operating System: Rocky Linux 8.7 (Green Obsidian)
Database: sqlite 3.26.0
Node Version: 18.12.1
NPM Version: 8.19.2
Yarn Version: 1.22.19
After setting up a Strapi backend, I created a frontend using the following guide:
Also I added a .env file in the frontend folder and replaced “localhost” by 127.0.0.1.
Unfortunately I am seeing a 403 Forbidden error in the Frontend log.
Most probably it is because the backend API requires the token to be passed for authentication.
But it is not clear to me how to configure the frontend with this token.
I tried various settings based on various articles and posts, but those attempts were not successful. Any clear guideline on how to set this up correctly would be welcomed!
So make sure you gave either A) Public permissions like it says here
Settings > Users & Permissions Plugin > Roles > Public
And give the correct permissions.
This allows you to get information without a JWT token.
If you need the JWT token it’s the same place but you need to give permission for Authenticated roles and the route you want to open access to.
Thank you. By default Strapi is pre configured with three roles: Author, Editor, Super Admin.
Whenever I try to create a new role, a message says the Community Edition cannot support more roles.
If I try to remove or change existing roles which are unused, I get the same message.
The purpose of a frontend is generally to be public facing, therefore it is surprising not being able to configure a public role at all! And not even being able to test the frontend!
Is the only solution to use an Enterprise license?
The Author Editor Super Admin is for Admin UI roles.
And yes that is the EE license to have more roles.
If you have a difference frontend you want the Users & Permissions roles
Do the recent announcements to make RBAC available in Strapi Community Edition now permit creating those frontends with Public roles?
That would be correct, when RBAC is released for the CE (Community Edition) you can create more roles on the admin panel etc.
Thank you. When is this release scheduled for? And will there be any restrictions to the type of roles?
There is no ETA at the moment but have a read here.