Nonce doesn't work for draft previews

[thelucre]

I've been digging pretty thoroughly to solve this issue. In Wordpress 5.3.2 and Wordpress 5.4, maybe others, the nonce value isn't working for draft previews. I've tried this both with the Postlight repo and with a barebones install and frontend to make sure it's not plugin- or theme-related.

It appears that the session cookie is not set or sending through with the frontend rest call, therefore the nonce appears to be invalid. Anyone else having this problem with Postlight Headless WP?

I see a couple options moving forward:

1. Figure out how to get the logged_id session cookie to the frontend domain and passed through with the AJAX request (best case)
2. Use JWT Auth to make admins login to view draft previews.

Any thoughts on this issue or known workarounds?

Here's a detailed thread: https://wordpress.stackexchange.com/questions/363012/cant-get-draft-posts-via-rest-api-from-headless-frontend

[trst]

Ran into the same issue, would love to see a work around. Would JWT (in your conception @thelucre) require a user logged in the backend of WP to login again on the preview side? Or would there be some mechanism to store a JWT on logging in on the WP side?