Skip to content

CORS origin can't be set in middleware.js in 4.22.0 #20033

@jumptrnr

Description

@jumptrnr

Bug report

Required System information

  • Node.js version: 18.18.2
  • NPM version: 9.8.1
  • Strapi version: 4.22.0
  • Database: mysql
  • Operating system: OSX Sonoma 14.4.1
  • Is your project Javascript or Typescript: Javascript

Describe the bug

Setting explicit CORS origins no longer works after updating from 4.21.1 to 4.22.
Get

InternalServerError: is not a valid origin" (/node_modules/koa/lib/context.js:97:11)

Steps to reproduce the behavior

  1. in middleware.js, list "origin as "http://localhost:3000"
  2. access api request from that address
  3. See error
  4. also deleted node_modules, and lock file - still issue persisted

Revert to 4.19 and issue goes away
Or list origin as ['*'] and it also goes away in 4.22

Expected behavior

Setting origins as array of allowed URL works without wildcard

Screenshots

If applicable, add screenshots to help explain your problem.

Code snippets

If applicable, add code samples to help explain your problem.

Additional context

Add any other context about the problem here.
Another user reported setting @koa/cors to this also fixed but know cors was updated recently
"resolutions": { "@koa/cors": "3.4.1" },

Metadata

Metadata

Assignees

No one assigned

    Labels

    issue: bugIssue reporting a bugissue: securityIssue reporting a security problemseverity: highIf it breaks the basic use of the productsource: core:strapiSource is core/strapi packagestatus: confirmedConfirmed by a Strapi Team member or multiple community members

    Type

    No type

    Projects

    Status

    Fixed/Shipped

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions