Troubleshooting
401 Unauthorized
Double-check that the request to the hub includes an authorization cookie (the default name is
mercureAuthorization
) or anAuthorization
HTTP headerIf the cookie isn't set, you may have to explicitly include the request credentials (
new EventSource(url, {withCredentials: true})
andfetch(url, {credentials: 'include'})
)Check the logs written by the hub on
stderr
, they contain the exact reason why the token has been rejectedBe sure to set a secret key (and not a JWT) in
JWT_KEY
(or inSUBSCRIBER_JWT_KEY
andPUBLISHER_JWT_KEY
)If the secret key contains special characters, be sure to escape them properly, especially if you set the environment variable in a shell, or in a YAML file (Kubernetes...)
The publisher always needs a valid JWT, even if the
anonymous
directive is present in theCaddyfile
, this JWT must have a property namedpublish
. To dispatch private updates, thepublish
property must contain the list of topic selectors this publisher can use (example)The subscriber needs a valid JWT only if the
anonymous
directive isn't present in theCaddyfile
, or to subscribe to private updates, in this case the JWT must have a property namedsubscribe
and containing an array of topic selectors (example)
For both the publish
property, the array can be empty to publish only public updates. For both publish
and subscribe
, you can use ["*"]
to match all topics.
CORS Issues
If the app connecting to the Mercure hub and the hub itself are not served from the same domain, you must whitelist the domain of the app using the CORS (Cross-Origin Resource Sharing) mechanism.
The usual symptoms of a CORS misconfiguration are errors about missing CORS HTTP headers in the console of the browser:
Chrome:
Refused to connect to 'https://hub.example.com/.well-known/mercure?topic=foo' because it violates the following Content Security Policy directive
Firefox:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://hub.example.com/.well-known/mercure?topic=foo. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing)
To fix these errors, set the list of domains allowed to connect to the hub as value of the cors_origins
in the Caddyfile
. Example: cors_origins https://example.com https://example.net
. Don't forget the https://
prefix before the domain name!
If you use an authorization mechanism (cookie or Authorization
header), you cannot set the value of cors_origins
to *
. You must explicitly set the list of allowed origins.
If you don't use an authorization mechanism (anonymous mode), you can set the value of cors_origins
to *
to allow all applications to connect to the hub (be sure to understand the security implications of what you are doing).
URI Templates and Topics
Try our URI template tester to ensure that the template matches the topic.
Disconnection With the Inability To Reconnect After Some Time
If the JWT supplied to the Mercury hub contains an exp
(expiration time) claim (this is the default for tokens generated with most JWT libraries), the hub will automatically disconnect when the expiry date is reached.
After that, it is no longer possible to reconnect with the same JWT, as it has expired. The hub will return an HTTP 401 error.
One solution is to generate a new, valid JWT before reconnecting.
Although not setting the exp
claim allows an open-ended connection, this solution is not recommended as it reduces the security of your data (someone with a valid JWT will be able to connect forever, at least until the secret key is changed).
macOS Localhost Installation Error
To execute the Mercure.rocks binary, you must first release it from quarantine.
macOS Ventura And Later Versions
Remove the com.apple.quarantine
attribute:
xattr -d com.apple.quarantine ./mercure
You can now start the hub as usual:
./mercure run
The attribute only needs to be deleted once.
macOS Catalina
On macOS Catalina and later versions, follow these steps:
In the Finder on your Mac, locate the app that you want to open
Control-click on the app icon, then choose "Open" from the shortcut menu
Click "Open"
Then you will have a warning, ignore it and close the Terminal.
Open a new Terminal in the Mercure folder.
Then just start the server:
./mercure run
It will work. 🎊