allowedDevOrigins
Last updated April 15, 2025
Next.js does not automatically block cross-origin requests during development, but will block by default in a future major version of Next.js to prevent unauthorized requesting of internal assets/endpoints that are available in development mode.
To configure a Next.js application to allow requests from origins other than the hostname the server was initialized with (localhost by default) you can use theallowedDevOrigins config option.
allowedDevOrigins allows you to set additional origins that can be used in development mode. For example, to uselocal-origin.dev instead of onlylocalhost, opennext.config.js and add theallowedDevOrigins config:
module.exports= { allowedDevOrigins: ['local-origin.dev','*.local-origin.dev'],}