feat: ALLOWED_DEV_ORIGINS env for cross-origin dev mode

[TPFLegionaire]

Problem

Next.js 16 blocks cross-origin requests to /_next/* dev resources by default. When next dev runs behind a reverse proxy (or any non-localhost origin), HMR and the dev chunk loader get blocked, which silently breaks React hydration.

Concrete failure mode: page loads, looks fine, but React never hydrates. The form on /auth/sign-up submits natively as a GET to /auth/sign-up? (form action defaults to the page URL, inputs lack name attributes so the URL has no query). No POST to /api/auth/sign-up/email, no user created, no visible error. Looks like the app is broken.

This is the dev-mode log warning that appears server-side:

⚠ Blocked cross-origin request to Next.js dev resource /_next/webpack-hmr from "bigset.example.com".
Cross-origin access to Next.js dev resources is blocked by default for safety.

Fix

Plumb ALLOWED_DEV_ORIGINS (comma-separated) through NextConfig.allowedDevOrigins. Default stays empty so plain localhost dev is unchanged.

ALLOWED_DEV_ORIGINS=bigset.example.com bun dev

Twelve added lines, zero behavior change for current users.

Ref: https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins

[coderabbitai]

Warning

Rate limit exceeded

@TPFLegionaire has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 58 minutes and 39 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: f9b452fc-dc97-41dd-be5b-accd3892f874

📥 Commits

Reviewing files that changed from the base of the PR and between 4552227 and f71e47b.

📒 Files selected for processing (1)

• frontend/next.config.ts

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}