I don't see the CORS Access Origin Headers in the response headers

System Information
  • Strapi Version: 4.10.5
  • Operating System: Heroku
  • Database: PostgreSQL
  • Node Version:
  • NPM Version:
  • Yarn Version:

Hello :wave:

I may have a misconception of how it works, but I configured the cors middleware just like in the CORS docs. However, when I request an endpoint (e.g. api/products), I don’t see anything in the response headers.

I know my config worked because the Strapi Dashboard got blocked by CORS, but still nothing in the headers.

I would like Access-Control-Allow-Origin to show up in the network chrome tab, just like https://api.publicapis.org/entries:

I’m trying to do this because I’m experiencing random network errors in the frontend, and everything seems to point to it being a CORS issue.

I’m not sure if this is a good idea or not. Any guidance would be appreciated.


My headers response:

I added this snipped to an individual route:

ctx.set("Access-Control-Allow-Origin", "*");

And now I can see it in the headers, I think that the config is not working

There is no need to configure the cors middleware because by default the middleware should set the CORS headers (Including Access-Control-Allow-Origin : * ).
The problem is the Strapi itself. “No CORS Headers” is a reported and confirmed bug: Issue#14357.
And surprisingly looks like no one is caring about this Major bug rendering cors middleware completely useless. Let’s hope they fix this ASAP !!