Skip to content

allowedDevOrigins

To configure a Next.js application to allow requests from origins other than the hostname the server was initialized with (localhost by default) you can use the allowedDevOrigins config option.

allowedDevOrigins allows you to set additional origins that can be used in development mode. For example, to use local-origin.dev instead of only localhost, open next.config.js and add the allowedDevOrigins config:

next.config.js
module.exports = {
  allowedDevOrigins: ['local-origin.dev', '*.local-origin.dev'],
}

Cross-origin requests are blocked by default to prevent unauthorized requesting of internal assets/endpoints which are available in development mode. This behavior is similar to other dev servers like webpack-dev-middleware to ensure the same protection.