I don't see the CORS Access Origin Headers in the response headers

Antoine · July 27, 2023, 10:49am

System Information

Strapi Version: 4.10.5
Operating System: Heroku
Database: PostgreSQL
Node Version:
NPM Version:
Yarn Version:

Hello

I may have a misconception of how it works, but I configured the cors middleware just like in the CORS docs. However, when I request an endpoint (e.g. api/products), I don’t see anything in the response headers.

I know my config worked because the Strapi Dashboard got blocked by CORS, but still nothing in the headers.

I would like Access-Control-Allow-Origin to show up in the network chrome tab, just like https://api.publicapis.org/entries:

I’m trying to do this because I’m experiencing random network errors in the frontend, and everything seems to point to it being a CORS issue.

I’m not sure if this is a good idea or not. Any guidance would be appreciated.

Thanks!

My headers response:

Antoine · July 29, 2023, 10:47am

I added this snipped to an individual route:

ctx.set("Access-Control-Allow-Origin", "*");

And now I can see it in the headers, I think that the config is not working

Pooyahmti · September 4, 2023, 12:56pm

There is no need to configure the cors middleware because by default the middleware should set the CORS headers (Including Access-Control-Allow-Origin : * ).
The problem is the Strapi itself. “No CORS Headers” is a reported and confirmed bug: Issue#14357.
And surprisingly looks like no one is caring about this Major bug rendering cors middleware completely useless. Let’s hope they fix this ASAP !!

uronsama · October 30, 2023, 4:42am

In Strapi v4.15.0 where do you add this?

Boegie19 · October 30, 2023, 10:22am

You can set this all in the security global middleware.

or in CORS