Add ADMIN_URL to allowed origins in site (#122)

When making a CORS request to a Next API route from inside the block preview, the request's origin is the Admin URL. This is probably due to the same-origin policy. We need to set the `Access-Control-Allow-Origin` header to allow such requests.
vivid-planet · Jan 29, 2024 · 4901365 · 4901365
1 parent f3cc237
commit 4901365
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/site/next.config.js b/site/next.config.js
@@ -110,6 +110,10 @@ const nextConfig = {
                         .replace(/\s{2,}/g, " ")
                         .trim(),
                 },
+                {
+                    key: 'Access-Control-Allow-Origin',
+                    value: process.env.ADMIN_URL,
+                 }
             ],
         },
     ],