Home > other >  Handling cors with next.js
Handling cors with next.js

Time:12-16

I'm using netlify as my front end and heroku with Next.js as my backend

on the front end I'm sending a fetch request like this:

fetch(`https://backendname.herokuapp.com/data`, {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({"category":"_main"})
  }).then(...);

and in my pages/api/data.js in the backend:

export default function handler(req, res) {
    req.body=JSON.parse(req.body);

    res.setHeader("Access-Control-Allow-Origin", "https://frontendname.netlify.app/");
    res.setHeader('Access-Control-Allow-Methods', 'POST');
    res.setHeader(
      'Access-Control-Allow-Headers',
      'X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version'
    )
    if(req.method!='POST')
     return res.end();

    res.json({...})

}

I even added this to my next.config.js:

module.exports = {
  async headers() {
    return [
      {
        // matching all API routes
        source: "/api/:path*",
        headers: [
          { key: "Access-Control-Allow-Credentials", value: "true" },
          { key: "Access-Control-Allow-Origin", value: "https://frontendname.netlify.app/" },
          { key: "Access-Control-Allow-Methods", value: "GET,OPTIONS,PATCH,DELETE,POST,PUT" },
          { key: "Access-Control-Allow-Headers", value: "X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version" },
        ]
      }
    ]
  },
  reactStrictMode: true,
}

but I get this error:

Access to fetch at 'https://backendname.herokuapp.com/data' from origin 'https://frontendname.netlify.app' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

I'm trying not to use any third party packages like in this question

CodePudding user response:

Problem(s)

https://frontendname.netlify.app/ is not an origin. Because the CORS middleware observes a mismatch between

  • the actual origin of your request (https://frontendname.netlify.app), and
  • the "origin" that you've allowed in your CORS configuration (https://frontendname.netlify.app/),

it doesn't set the Access-Control-Allow-Origin response header, which causes the preflight check to fail.

You also seem to set CORS headers in multiple places, which isn't a good idea.

Solution

Drop that trailing slash in the value set in the Access-Control-Allow-Origin header, and don't specify duplicate CORS headers in the response.

Page link:https//www.codepudding.com/other/229624.html

Prev:How can I check for SSL error inside the pipeline script
Next:having a problem with hosting discord.js bot on heroku
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding