CORS error on api routes NextJs 15

Unanswered

Tan posted this in #help-forum

TanOP

2024-12-27T16:50:11.038Z

Hi I was trying to hit the api route from another project running on localhost:3000. But I am constangly getting cors error.

The way I setup cors is like this:

middleware.ts

import { NextRequest, NextResponse } from "next/server";
import { handlePrivateRoute } from "./lib/auth";

export async function middleware(request: NextRequest) {
  const pathname = request.nextUrl.pathname;

  // Appending cors headers for api routes
  if (pathname.startsWith("/api")) {
    const res = NextResponse.next();
    res.headers.append("Access-Control-Allow-Origin", "*");
    res.headers.append("Access-Control-Allow-Methods", "*");
    res.headers.append("Access-Control-Allow-Headers", "*");
    res.headers.append("Access-Control-Allow-Credentials", "true");
    return res;
  } else {
    // All routes are private, so always check authentication
    return handlePrivateRoute(request);
  }
}

export const config = {
  matcher: [
    /*
     * Match all request paths except for the ones starting with:
     * - _next/static (static files)
     * - _next/image (image optimization files)
     * - favicon.ico, sitemap.xml, robots.txt (metadata files)
     */
    "/((?!_next/static|_next/image|favicon.ico|sitemap.xml|robots.txt).*)",
  ],
};

And here is my api route:

export const OPTIONS = async (request: NextRequest) => {
  return new NextResponse("", {
    status: 200,
  });
};

export async function POST() {
  return Response.json({ message: "ok" });
}

While hitting options it returns 200 but hitting post route will cause CORS error. Any solution to this ?

4 Replies

@Tan Hi I was trying to hit the api route from another project running on localhost:3000. But I am constangly getting cors error. The way I setup cors is like this: middleware.ts js import { NextRequest, NextResponse } from "next/server"; import { handlePrivateRoute } from "./lib/auth"; export async function middleware(request: NextRequest) { const pathname = request.nextUrl.pathname; // Appending cors headers for api routes if (pathname.startsWith("/api")) { const res = NextResponse.next(); res.headers.append("Access-Control-Allow-Origin", "*"); res.headers.append("Access-Control-Allow-Methods", "*"); res.headers.append("Access-Control-Allow-Headers", "*"); res.headers.append("Access-Control-Allow-Credentials", "true"); return res; } else { // All routes are private, so always check authentication return handlePrivateRoute(request); } } export const config = { matcher: [ /* * Match all request paths except for the ones starting with: * - _next/static (static files) * - _next/image (image optimization files) * - favicon.ico, sitemap.xml, robots.txt (metadata files) */ "/((?!_next/static|_next/image|favicon.ico|sitemap.xml|robots.txt).*)", ], }; And here is my api route: ts export const OPTIONS = async (request: NextRequest) => { return new NextResponse("", { status: 200, }); }; export async function POST() { return Response.json({ message: "ok" }); } While hitting options it returns 200 but hitting post route will cause CORS error. Any solution to this ?

Kurilian Bobtail

2025-01-02T23:41:41.314Z

Hey did you find a fix for this? I'm getting the same issue

Kurilian Bobtail

2025-01-03T00:04:05.821Z

@Tan I had a similar issue and it was solved with just adding the www. in the request url (not sure why that made a difference) but I changed https://domain to https://www.domain and no more cors problems

@Kurilian Bobtail <@550218535104937996> I had a similar issue and it was solved with just adding the www. in the request url (not sure why that made a difference) but I changed `https://domain` to `https://www.domain` and no more cors problems

TanOP

2025-01-03T01:01:43.544Z

yes

I found the solution. Mine was because of credential headers. And I added cors header in route instead of miffleware.