Add CORS headers to API routes (#152)

niran · web-flow · commit c502530e92fc · 2026-03-16T18:49:28.000-05:00
* Add CORS headers to API routes

Allow cross-origin requests to /api/* endpoints by adding a Next.js
proxy (the v16 replacement for middleware) that sets
Access-Control-Allow-Origin: * on all API responses and handles
OPTIONS preflight requests.

* Fix import ordering for biome lint
diff --git a/src/proxy.ts b/src/proxy.ts
@@ -0,0 +1,25 @@
+import type { NextRequest } from "next/server";
+import { NextResponse } from "next/server";
+
+export function proxy(request: NextRequest) {
+  if (request.method === "OPTIONS") {
+    return new NextResponse(null, {
+      status: 204,
+      headers: {
+        "Access-Control-Allow-Origin": "*",
+        "Access-Control-Allow-Methods": "GET, OPTIONS",
+        "Access-Control-Allow-Headers": "Content-Type",
+      },
+    });
+  }
+
+  const response = NextResponse.next();
+  response.headers.set("Access-Control-Allow-Origin", "*");
+  response.headers.set("Access-Control-Allow-Methods", "GET, OPTIONS");
+  response.headers.set("Access-Control-Allow-Headers", "Content-Type");
+  return response;
+}
+
+export const config = {
+  matcher: "/api/:path*",
+};
