{"id":18601,"library":"nextjs-cors","title":"nextjs-cors","description":"CORS middleware for Next.js API routes, built on top of the popular Express cors package. Current stable version is 2.2.1, released as a patch update preparing for the next major version. Provides a simple, drop-in solution to enable Cross-Origin Resource Sharing in Next.js API routes with all standard cors options (methods, origin, allowed headers, etc.). Uses an async middleware pattern that fits naturally into Next.js API route handlers. Unlike generic cors packages, nextjs-cors is specifically designed for Next.js's request/response model and does not require wrapping or additional configuration to work with Edge Runtime (though support depends on underlying cors). Ships TypeScript definitions, making it easy to use in TS projects. Peer dependency on Next.js >=8.1.1-canary.54, ensuring compatibility with older versions. Compared to other Next.js CORS solutions like next-connect or manual headers, nextjs-cors offers a minimal API and leverages the well-tested cors package.","status":"active","version":"2.2.1","language":"javascript","source_language":"en","source_url":"https://github.com/yonycalsin/nextjs-cors","tags":["javascript","nextjs-cors","next-cors","cors","nextjs","typescript"],"install":[{"cmd":"npm install nextjs-cors","lang":"bash","label":"npm"},{"cmd":"yarn add nextjs-cors","lang":"bash","label":"yarn"},{"cmd":"pnpm add nextjs-cors","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"peer dependency: requires Next.js >=8.1.1-canary.54 for req/res API routes","package":"next","optional":false}],"imports":[{"note":"Package is ESM-only. Default export is a function; do not use named import.","wrong":"const NextCors = require('nextjs-cors')","symbol":"NextCors","correct":"import NextCors from 'nextjs-cors'"},{"note":"Named import is incorrect; the package uses a default export.","wrong":"import { NextCors } from 'nextjs-cors'","symbol":"NextCors","correct":"import NextCors from 'nextjs-cors'"},{"note":"In CommonJS, you must access .default due to ESM default export.","wrong":"const NextCors = require('nextjs-cors')","symbol":"require","correct":"const NextCors = require('nextjs-cors').default"}],"quickstart":{"code":"import NextCors from 'nextjs-cors';\nimport type { NextApiRequest, NextApiResponse } from 'next';\n\nexport default async function handler(\n  req: NextApiRequest,\n  res: NextApiResponse\n) {\n  await NextCors(req, res, {\n    methods: ['GET', 'HEAD', 'PUT', 'PATCH', 'POST', 'DELETE'],\n    origin: '*',\n    optionsSuccessStatus: 200,\n  });\n\n  res.json({ message: 'Hello NextJs Cors!' });\n}","lang":"typescript","description":"Demonstrates how to use nextjs-cors as middleware in a Next.js API route with CORS options."},"warnings":[{"fix":"Upgrade Next.js to at least 8.1.1-canary.54 or use an older version of nextjs-cors.","message":"Requires Next.js >=8.1.1-canary.54. Older versions may not support the async handler pattern used.","severity":"breaking","affected_versions":"<2.0.0"},{"fix":"Remove optionsSuccessStatus or set to 204: optionsSuccessStatus: 204","message":"OptionsSuccessStatus option: using it defaults to 200 but modern browsers expect 204. Consider omitting or setting to 204.","severity":"deprecated","affected_versions":">=1.0.0"},{"fix":"Set origin to a specific domain instead of '*' when using credentials: true.","message":"The underlying cors package's origin option might not work as expected with wildcard '*' when credentials are required. Must explicitly set origin for credentialed requests.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Use const NextCors = require('nextjs-cors').default;","message":"Importing with CommonJS require requires .default access.","severity":"gotcha","affected_versions":">=2.0.0"},{"fix":"Check that your tsconfig includes 'node_modules/@types' or set 'moduleResolution': 'node'.","message":"If using TypeScript and you see 'Could not find a declaration file for module', ensure types are installed (they are bundled, but tsconfig may need to be configured).","severity":"gotcha","affected_versions":">=2.0.0"}],"env_vars":null,"last_verified":"2026-04-25T00:00:00.000Z","next_check":"2026-07-24T00:00:00.000Z","problems":[{"fix":"Use import NextCors from 'nextjs-cors' or const NextCors = require('nextjs-cors').default;","cause":"Using named import instead of default import, or using require without .default in ESM-mode module resolution.","error":"TypeError: NextCors is not a function"},{"fix":"Run npm install nextjs-cors --save or yarn add nextjs-cors.","cause":"Package not installed, or installed in wrong environment (e.g., missing from dependencies).","error":"Error: Cannot find module 'nextjs-cors'"},{"fix":"Ensure NextCors is called early in the handler, and do not call res.end() before it.","cause":"NextCors is called after response has already been sent or multiple calls to NextCors occur.","error":"CORS request failed with status 500: \"Cannot set headers after they are sent to the client\""}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}