3

I'm using strapi 4 as localhost and got a problem with cors settings when I add new assets via url

Image upload takes CORS error Access to XMLHttpRequest at 'https://www.countrysideveterinaryclinic.org/sites/default/files/interesting-cat-facts.jpg' from origin 'http://localhost:1337' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Solution from here didn't help

my middleware.js

module.exports = [
  'strapi::errors',
  'strapi::security',
  'strapi::poweredBy',
  {
    name: 'strapi::cors',
    config: {
      enabled: true,
      header: '*',
      origin: ['http://localhost:1337']
    }
  },
  'strapi::logger',
  'strapi::query',
  'strapi::body',
  'strapi::session',
  'strapi::favicon',
  'strapi::public',
];
Wockeez
  • 396
  • 1
  • 4
  • 11
  • What problem are you facing? If you're getting a CORS error message, add it to your question. – jub0bs Mar 07 '22 at 14:27
  • Note that [the documentation for Strapi's CORS middleware](https://docs.strapi.io/developer-docs/latest/setup-deployment-guides/configurations/required/middlewares.html#internal-middlewares-configuration-reference) mentions a `headers` (plural) property, but no `header` (singular) property. – jub0bs Mar 07 '22 at 14:28

1 Answers1

28

I found the solution myself, maybe it will help someone

middlewares.js

module.exports = [
  'strapi::errors',
  'strapi::security',
  'strapi::poweredBy',
  {
    name: 'strapi::cors',
    config: {
      enabled: true,
      headers: '*',
      origin: ['http://localhost:1337', 'http://example2']
    }
  },
  'strapi::logger',
  'strapi::query',
  'strapi::body',
  'strapi::session',
  'strapi::favicon',
  'strapi::public',
];
Wockeez
  • 396
  • 1
  • 4
  • 11
  • 4
    Note that in my case, `strapi::cors` was initially defined before `strapi::poweredBy` but it only works in exactly this order (cors must be after poweredBy not before). – kris Sep 08 '22 at 13:27