To summarize, the main problem is that if in the proxy rules, requests for files and images are forwarded directly to plone, the auth_token cookie is not considered and the user is anonymous.
The solution proposed here only works in cases where the backend domain (plone) and the frontend domain (volto) match.
the problem has been discussed https://github.com/plone/plone.restapi/issues/148 andhttps://github.com/plone/plone.restapi/pull/1303
To summarize, the main problem is that if in the proxy rules, requests for files and images are forwarded directly to
plone, theauth_tokencookie is not considered and the user is anonymous.The solution proposed here only works in cases where the backend domain (
plone) and the frontend domain (volto) match.