Ready to post? First, try searching for your answer.
Anyone getting this error:
Access to fetch at ‘’ (redirected from ‘http://localhost:3000/api/auth/login?_rsc=1wtp7’) from origin ‘http://localhost:3000’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.
Been stuck on it for a few days, where I’ve added the following function in Middleware
function handleCors(request: NextRequest, response: NextResponse<unknown>) {
if (request.nextUrl.pathname.startsWith("/api")) {
console.log('API request: ', request.nextUrl.pathname)
response.headers.append('Access-Control-Allow-Credentials', "true")
response.headers.append('Access-Control-Allow-Origin', '*')
response.headers.append('Access-Control-Allow-Methods', 'GET,DELETE,PATCH,POST,PUT,OPTIONS')
response.headers.append(
'Access-Control-Allow-Headers',
'X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version, Content-Type, Authorization, Authorize, RSC, Next-Router-State-Tree, Next-Router-Prefetch, Cache-Control, Same-Origin'
)
return response;
}
}
and done similar patterns via next.config.js and route level too but same error.