I’m running all assets on a CDN-enabled subdomain. However, I’ve found that some attachments are now returning 404. These attachments are located in a private section of the forum.
Using the browser’s dev tool I found that these attachments are now using the CDN subdomain, and cookies are not being sent, resulting in me not logged in, hence the 404. The /login or /session request (whichever set the cookie) does not have a Domain key in Set-cookie.
I found some posts before related to the problem, but nothing is clear:
At this point I’m not sure whether this is a problem with my config or a bug. Or maybe intended behavior.
I’m aware of the option ‘prevent anons from downloading files’, but I would like it to remain checked.
Please help, and thanks for the awesome software.