Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Same Origin API routes #17814

Closed
jca41 opened this issue Oct 12, 2020 · 3 comments
Closed

Same Origin API routes #17814

jca41 opened this issue Oct 12, 2020 · 3 comments

Comments

@jca41
Copy link

jca41 commented Oct 12, 2020

Bug report

Documentation states that

API Routes do not specify CORS headers, meaning they are same-origin only by default.

https://nextjs.org/docs/api-routes/introduction#caveats

Unless my understanding isn't correct, i shouldn't be able to Postman or https://reqbin.com/ my deployed API routes.

To Reproduce

  1. Go to https://reqbin.com/
  2. Make a request to a deployed API route

Expected behavior

I should see a CORS error.

Additional context

My app is deployed to Vercel.
@timneutkens
Copy link
Member

CORS is a client-implemented protocol (e.g. Browsers). It does not block HTTP requests if you use curl / postman etc because those do not implement CORS.

@jca41
Copy link
Author

jca41 commented Oct 12, 2020

Understood @timneutkens!

@timneutkens timneutkens mentioned this issue Oct 12, 2020
Closed
@balazsorban44
Copy link
Member

This issue has been automatically locked due to no recent activity. If you are running into a similar issue, please create a new issue with the steps to reproduce. Thank you.

@vercel vercel locked as resolved and limited conversation to collaborators Jan 29, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@timneutkens @balazsorban44 @jca41