It's working only on localhost

Hey there,

First of all, thank you so much for this great tool!
I need some help using it with my domain. It’s working on localhost but it gives me an error 405 when I try to log in or register on my domain/subdomain.
I have access to the API which is also on a subdomain. I’m not sure if it’s a good idea but it works only in this way on localhost.

Thank you so much for your time in advance!

Can you provide more details? How are you hosting? What exactly does not work? What did you try? Are there any error messages?

This post was flagged by the community and is temporarily hidden.

What api url did you configure in the frontend?

This post was flagged by the community and is temporarily hidden.

And you can access the api from your browser at https://api.domain.com/api/v1/info?

This post was flagged by the community and is temporarily hidden.

Which url is shown in the top right of the login form? Can you share a screenshot?

This post was flagged by the community and is temporarily hidden.

It shows whatever you have configured. The setting is saved per browser so it’s probably saved on localhost for the prod domain as well.

The setting looks correct though. Can you open dev tools and check where the login request is going and what the response is?

Somehow it worked :) Thank you for your time, I really appreciate it!

I have one last question. I have to restrict the API URL. Which IP do I have to add in the Cloudflare settings? The frontend URL one?

The browser you’re using Vikunja with directly accesses the api. Not sure what rule that would require.

Can I ask you what you mean? The IP which accesses the API URL is the browser IP? Could it be the Frontend URL IP?

The IP which accesses the api is the one of the computer you’re using to access the frontend. The one the browser is running on.

Hmm, OK, I will test some options. Thank you for your time once again!
Is it too dangerous to leave the API unprotected? I mean it can be accessed at www.api domain com

The API has to be publicly accessible. As long as you do what you’d normally do to secure access to a publicly available web service it should be fine.

Thank you! Isn’t it too dangerous to leave the API URL unprotected? I mean in this way everyone can access it.

I don’t think it is dangerous to leave the api accessible to anyone. Sure, there can be security issues we don’t yet know about, but as long as you keep your installation up to date it should be fine.

You may want to disable the registration, though.

Great! Thank you for everything!