Did I miss a change in the documentation?
This topic has been created from a Discord post (1225099713293058098) to give it more visibility.Join the conversation on Discord
I encounter this as well. looked everywhere and found no solutions yet.
found some old issues related to this
strapi:main ← CleberRossi:bugfix/fix-cors-default-headers-14357
opened 03:25AM - 06 Oct 22 UTC
Updating koa/cors to 3.4.2 in order to fix cors filter origin problem #14357
…
There was a bug that is fixed on koa/cors 3.4.2 version.
Fixes #14357
<!--
Hello 👋 Thank you for submitting a pull request.
To help us merge your PR, make sure to follow the instructions below:
- Create or update the tests (ok)
- Create or update the documentation at https://github.com/strapi/documentation (ok)
- Refer to the issue you are closing in the PR description: Fix #14357 (OK)
- Specify if the PR is ready to be merged or work in progress (by opening a draft PR) (done)
Please ensure you read the Contributing Guide: https://github.com/strapi/strapi/blob/main/CONTRIBUTING.md
-->
### What does it do?
In order to fix #14357 I had to fix another bug on koa/cors, as my PR was merged -> https://github.com/koajs/cors/pull/87 I'm creating this PR in order to update the lib
### Why is it needed?
Koa/cors was not calling origin middleware when the origin header was not present. Hence, even when you set credentials as false, the middleware was not called and people could not get Access-Control-Allow-Origin as '*'.
### How to test it?
Set credentials as false on config/middlewares.js, call any API in order to retrive Access-Control-Allow-Origin as '*' as DEFAULT.
```
{
name: 'strapi::cors',
config: {
credentials: false,
},
},
```
### Related issue(s)/PR(s)
Fix #14357
Please, could you add https://hacktoberfest.com/ label?
opened 02:40PM - 19 Oct 22 UTC
closed 04:37PM - 19 Oct 22 UTC
issue: bug
severity: high
status: confirmed
source: core:strapi
# Setup
- Node.js version: 16.14.2
- NPM version: 8.13.2
- Strapi version: … 4.4.4
- Database: postgres
- Operating system: MacOS Monterey 12.6
### Describe the bug
After recently update from `4.4.3` to `4.4.4` responses with the following error while visiting `localhost:1337` or any other related URL:
```json
{
"data": null,
"error": {
"status": 500,
"name": "InternalServerError",
"message": "undefined is not a valid origin"
}
}
```
I have a custom CORS policy in `middleware.js` (see "step to reproduce" for the code), which did worked with previous versions. After update to `4.4.4` it seems to be broken. Using standard CORS config as `'strapi::cors'` fix the issue.
### Steps to reproduce the behavior
1. Update Strapi to 4.4.4
2. Make sure to have custom CORS policy in `middleware.js`, e.g.:
```js
{
name: "strapi::cors",
config: {
enabled: true,
headers: "*",
origin: env.array("ALLOWED_ORIGINS_URL"), // for example: http://localhost:3000,http://localhost:1337
},
},
```
### Expected behavior
Strapi works normally without any errors. Admin panel can be visited.
found the solution
"resolutions": {
"@koa/cors": "3.4.1"
},