I don't see the CORS Access Origin Headers in the response headers

System Information
  • Strapi Version: 4.10.5
  • Operating System: Heroku
  • Database: PostgreSQL
  • Node Version:
  • NPM Version:
  • Yarn Version:

Hello :wave:

I may have a misconception of how it works, but I configured the cors middleware just like in the CORS docs. However, when I request an endpoint (e.g. api/products), I don’t see anything in the response headers.

I know my config worked because the Strapi Dashboard got blocked by CORS, but still nothing in the headers.

I would like Access-Control-Allow-Origin to show up in the network chrome tab, just like https://api.publicapis.org/entries:

I’m trying to do this because I’m experiencing random network errors in the frontend, and everything seems to point to it being a CORS issue.

I’m not sure if this is a good idea or not. Any guidance would be appreciated.


My headers response:

I added this snipped to an individual route:

ctx.set("Access-Control-Allow-Origin", "*");

And now I can see it in the headers, I think that the config is not working

There is no need to configure the cors middleware because by default the middleware should set the CORS headers (Including Access-Control-Allow-Origin : * ).
The problem is the Strapi itself. “No CORS Headers” is a reported and confirmed bug: Issue#14357.
And surprisingly looks like no one is caring about this Major bug rendering cors middleware completely useless. Let’s hope they fix this ASAP !!

In Strapi v4.15.0 where do you add this?

You can set this all in the security global middleware.

or in CORS

1 Like