Hi, I’m new to Strapi, First I want to thank all contributors and developers for this awesome CMS.
My question is, I’m using strapi V4, and I want to configure cors to not be a wildcard ( Cross-Origin Resource Sharing: "*" ) I want to configure it to be like this : ( Cross-Origin Resource Sharing : ["http://localhost:3000] ), I mean I want my API to be accessible only by my frontend origin, and didn’t know how to implement it, I know I need to change something in middlewares but if there is an example it would be great.
Thank you in advance
4 Likes
i am also facing such issue. Did u resolve your issue?
I am facing the same issue. Setting the cors in middlewares.js does not block direct API calls. My configuration is
{
name: 'strapi::cors',
config: {
enabled: true,
origin: ['http://localhostsdfsg:1337'],
methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD', 'OPTIONS'],
headers: ['Content-Type', 'Authorization', 'Origin', 'Accept'],
}
},
This does block the admin console and spits the error “http://localhost:1337 is not a valid origin”. However, direct API calls still work from any origin.
Same issue here, do you have documentation to achieve this ?