New awesome tutorial on our channel. Read the article.
Note that by setting credentialsRequired: false, we allow non-authenticated requests to pass through the middleware. This is required so we can allow signup and login requests (and others) through the endpoint.
… in most apps. So ruling this out at the start for performance reasons is a premature optimization. That said, here’s an example where the performance impact of this approach mattered.