Allow mismatched origin x-forwarded-host in server action
Unanswered
Dwarf Crocodile posted this in #help-forum
Dwarf CrocodileOP
I am running my nextjs app through an okd cluster and apache and i get this error
Is it possible to ignore this check? Changing behavior in nextjs or spoofing the x-forwarded-host in the okd cluster seems to be my only options.
header with value `x.apps.okd.example.com` does not match `origin` header with value `x.example.com` from a forwarded Server Actions requestIs it possible to ignore this check? Changing behavior in nextjs or spoofing the x-forwarded-host in the okd cluster seems to be my only options.
5 Replies
@Dwarf Crocodile I am running my nextjs app through an okd cluster and apache and i get this error
header with value `x.apps.okd.example.com` does not match `origin` header with value `x.example.com` from a forwarded Server Actions request
Is it possible to ignore this check? Changing behavior in nextjs or spoofing the x-forwarded-host in the okd cluster seems to be my only options.
unless you can get a good [
allowedOrigins array](https://nextjs.org/docs/app/api-reference/next-config-js/serverActions#allowedorigins), then yeah you have to patch nextjs or spoof the header unfortunatelyi face the same problem too and ended up spoofing the header and implementing my own csrf protection
in this case though from the error message, it looks like
["*.example.com"] will sufficeDwarf CrocodileOP
I just spoofed the okd route as well
Seemed like the easier option for me