Hi all, i’m trying to add CORS for some of my sub-domains/domains such that only those will be able to access my strapi resources but unfortunately i’m unable to do so. I followed the documentation as per Middlewares | Strapi Documentation, still no luck, I can still access strapi backend through any domain (currently testing with http://localhost:3000 - my nextjs project (strapi running on http://localhost:1337)). I tried adding @koa/cors and added in resolutions as well but still no luck. Below are some details about the project and some related code ;-
strapi package.json :-
{
"name": "blog-cms",
"version": "0.1.0",
"private": true,
"description": "A Strapi application",
"license": "MIT",
"author": {
"name": "A Strapi developer"
},
"scripts": {
"build": "strapi build",
"dev": "strapi develop",
"start": "strapi start",
"strapi": "strapi"
},
"resolutions": {
"@koa/cors": "5.0.0"
},
"dependencies": {
"@_sh/strapi-plugin-ckeditor": "^1.1.1",
"@aws-sdk/client-secrets-manager": "^3.480.0",
"@koa/cors": "5.0.0",
"@strapi/plugin-color-picker": "^4.9.1",
"@strapi/plugin-graphql": "^4.24.2",
"@strapi/plugin-i18n": "4.24.2",
"@strapi/plugin-users-permissions": "4.24.2",
"@strapi/provider-upload-aws-s3": "^4.24.2",
"@strapi/strapi": "4.24.2",
"mysql": "^2.18.1",
"react": "^18.3.1",
"react-dom": "^18.3.1",
"react-router-dom": "^5.3.4",
"styled-components": "^5.3.11"
}
}
config/middlewares.js
module.exports = [
"strapi::errors",
"strapi::security",
"strapi::poweredBy",
{
name: "strapi::cors",
config: {
origin: ["http://localhost:3000"],
},
},
"strapi::logger",
"strapi::query",
"strapi::body",
"strapi::favicon",
"strapi::public",
];
Can someone shed some light on this issue?
This topic has been created from a Discord post (1257668340382695472) to give it more visibility.
It will be on Read-Only mode here.
Join the conversation on Discord