Cannot run Server Actions in GitHub Codespaces or VSCode Tunnel #58019
Comments
|
Having the same issue here, middleware CORS not helping either |
|
I'm having this issue with a host that is being served behind an apache |
|
Hello, I had the same issue after upgrading from NextJS 13 to NextJS 14, my server is running behind an NGINX reverse proxy. Adding the following to the reverse proxy configuration resolved the issue : I hope this can help you resolve the issue on your end by adapting this solution to Apache etc... Best regards. |
|
So Next 14 added some more protection against CSRF attacks. However it caused this problem we're all running in to. #57529 allows us to specify a list of allowed forwarded hosts, and it was released in v14.0.2-canary.4 I was able to fix this without messing with the proxy settings (which are configured automatically (and correctly) by apache) by doing the following:
experimental: {
serverActions: {
// edit: updated to new key. Was previously `allowedForwardedHosts`
allowedOrigins: ['my-forwarded-host.com'],
},
}, |
|
I also had this issue and have confirmed that this works with GitHub Codespaces.
|
|
do i need to include subdomains?
|
|
Hello, I am having the same issue here with Nginx proxy. Tried to Upgrade next to 14.0.2-canary.4 and add allowedForwardedHosts but it is not working. Any documentation on how to set up allowedForwardedHosts correctly ? |
Not sure if there is any documentation, especially because it is not a full release yet. But you should be able to add this to your experimental: {
serverActions: {
allowedForwardedHosts: ['my-forwarded-host.com'],
},
}, |
|
After upgrading to 14 I'm running into the same issue with a Next app being deployed via Docker. If I statically set a hostname using docker run or docker compose locally I can map it using allowedForwardedHosts and it works. However, when deploying to a cloud provider I don't have any control over the hostname. I do have the hostname available via an env variable, but as far as I can tell I can't use an env var in |
If you manually install |
@danieltott the issue is that with a cloud platform, I won't know the container host name until the container is run, which will be after the build was run to create the Docker image. It seems therefore that this approach is incompatible with |
|
We've added an option Shu is currently out of office till next week but we'll add support for wildcard patterns once he's back. |
I set my allowed host for the hostname of the gateway of my the k8 cluster. I'm assuming with an nginx you can try localhost, 127.0.0.1 or 0.0.0.0 probably |
|
when added prompt |
|
not work in VSCode Tunnel. I tried both: experimental: {
serverActions: {
allowedForwardedHosts: ["localhost", "xxxxxxxx-3000.xxx.devtunnels.ms"],
allowedOrigins: ["xxxxxxxx-3000.xxx.devtunnels.ms", "localhost:3000"]
}
}experimental: {
serverActions: {
allowedForwardedHosts: ["localhost", "xxxxxxxx-3000.xxx.devtunnels.ms"],
allowedOrigins: ["https://xxxxxxxx-3000.xxx.devtunnels.ms", "localhost:3000"]
}
}error: |
|
Sorry, I copied and pasted the Origin in Request Headers directly into allowedOrigins and it worked! |
Could you please share an example of the version of the configuration that worked for you? |
/** @type {import("next").NextConfig} */
module.exports = {
experimental: {
serverActions: {
allowedOrigins: ["demo.example.com:3000"],
},
},
}this worked for me |
Following on from this comment using Hopefully there's some official docs that come with the future releases. |
|
I have the same issue, and allowedOrigins fixes it for fixed subdomains. In this case, how can I allow subdomains ? |
@jide have a look at this comment higher up in the thread by @timneutkens looks like wildcard support is around the corner. |
|
@devraj thanks, but to me the PR seems to only cover a fixed list of origins. See this part of the code : if (serverActions?.allowedOrigins?.includes(originDomain)) {And I did not see any mention of wildcard support. Did I miss something ? |
|
BTW, this issue will make the vercel platforms example not work https://demo.vercel.pub/platforms-starter-kit |
@timneutkens any update on wildcard support? |
|
upgraded to 14.0.2 and added solved my problem |
|
This is affecting me and I'm not even using server actions just route handlers & middleware. Multi tenant saas app. When I dump out the request object headers nextjs seems to be modifying the x-forwarded-host header value and lieing about what it was actually sent as? And this was shipped in a 0.0.1 update? Uhhh... Reverting to 14.0.1 fixes issue. |
experimental: {
serverActions: {
allowedOrigins: ["xxxxxxxx-3000.xxx.devtunnels.ms" /* or Codespace port forward url, no including scheme */, "localhost:3000"]
}
}I have been able to confirm that this solves the problem. |
|
@waki285 Sorry but this is not completed: We still cant use wildacrds in allowOrigins. |
|
I also need this to be a wildcard origin, as I will be working with multiple different origins. |
|
This configure is worked for me when I'm working in Codespaces module.exports = nextConfig; |
|
This commit adds wildcard support : 6fbff29 Available in canary for now. |
|
Is this a way to set this options in .env? I don't want to commit next.config.js with my personal codespace domain. |
You can use |
|
But as I know process.env.MY_VAR value should be set up while build time. And it will not work with docker solution and different env variables while running time. Correct me, if I'm mistaken |
|
hi team. i used all of examples. but, they r not working? how can i resolve it? thanks! |
|
None of these options work for me, Next.js seems to ignore the |
|
This is working for me in Codespaces with Next.js 14.1.0: |
Okay, this solves the problem for a limited number of domains. But what can I do if my SaaS works with many custom domains, one custom domain per customer? My specific case is described here: #62050 |
|
@stefanosandes You can now use wildcards, like this : allowedOrigins: ["*.mydomain.com"]But you need to use canary version. See #58019 (comment) |
|
Im having this issue also in 14.2.4 when we attempt to deploy to test. Looks like issue 58295 was maybe closed prematurely? On some endpoints it seems to work, but on others particularly those involving dynamic nested routes, it fails. within my nextjs config i have this: experimental: {
any help would be appreciated. |
I found that using nginx as a reverse proxy for my application was setting the x-forwarded-host to localhost:3000, so i added this line onto my config. If you are using a reverse proxy, it might help: |
I cannot seem to make this work. I'm on My config looks like this: I've also use the domain directly: I still keep getting: |
and others
Link to the code that reproduces this issue
https://github.com/waki285/Server-Actions-Bug
To Reproduce
next dev.Current vs. Expected behavior
Expected:
Server Actions are executed successfully and no errors occur.
Current:
The following error occurs
Verify canary release
Provide environment information
Operating System: Platform: linux Arch: x64 Version: #25-Ubuntu SMP Wed Mar 30 15:54:22 UTC 2022 Binaries: Node: 20.9.0 npm: 10.2.2 Yarn: N/A pnpm: 8.10.2 Relevant Packages: next: 14.0.2-canary.11 eslint-config-next: N/A react: 18.2.0 react-dom: 18.2.0 typescript: 5.1.3 Next.js Config: output: N/AWhich area(s) are affected? (Select all that apply)
App Router
Additional context
No response
The text was updated successfully, but these errors were encountered: