#dynamic nextjs server action allowedOrigins


slender oasis BOT

Hi @dark horizon. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:

In Next.js, the allowedOrigins option in the serverActions configuration is used to specify a list of safe origin domains from which Server Actions can be invoked. This is a security measure to prevent Cross-Site Request Forgery (CSRF) attacks. By default, only the same origin is allowed.

If you have a use case where your SaaS works with many custom domains, one custom domain per customer, you can use wildcard patterns in the allowedOrigins configuration. This feature is available in the canary version of Next.js.

Here is an example of how to use wildcards:

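```js
// next.config.js
module.exports = {
  experimental: {
    serverActions: {
      // Origins allowed to invoke Server Actions, in addition to the same origin.
      // '*.mydomain.com' matches any subdomain of mydomain.com.
      allowedOrigins: ['*.mydomain.com'],
    },
  },
}
```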

In this example, any subdomain of mydomain.com is allowed. Replace mydomain.com with your domain.

Please note that the wildcard pattern should match the pattern of your users' custom domains. If the pattern is unpredictable, this approach may not work.

Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:


dark horizon

@slender oasis Can I pass allowedOrigins: ["*"]?

slender oasis BOT

Let me check the knowledge base for you. One moment! :books:

No, passing allowedOrigins: ["*"] is not supported in Next.js. The allowedOrigins configuration in serverActions is designed to prevent Cross-Site Request Forgery (CSRF) attacks by only allowing Server Actions to be invoked from specific origins. Using a wildcard "*" would defeat this security measure by allowing any origin.

If you need to allow multiple origins, you should list them explicitly in the allowedOrigins array. If the origins include subdomains, you can use a wildcard for the subdomain part, like *.mydomain.com.

Here is an example:

```js
// next.config.js
module.exports = {
  experimental: {
    serverActions: {
      // The apex domain and every subdomain of it are listed explicitly.
      allowedOrigins: ['mydomain.com', '*.mydomain.com'],
    },
  },
}
```

In this example, mydomain.com and any subdomain of mydomain.com are allowed.


dark horizon

@slender oasis My site allows users to assign a custom domain apart from the base subdomain URLs.

So how do I support the custom domains?

slender oasis BOT

Let me check the knowledge base for you. One moment! :books:

To support custom domains in your Next.js application, you can follow these steps:

  1. Allow users to add custom domains: You can provide an interface for your users to add their custom domains. Once a user adds a custom domain, you will need to store this information in your database.

  2. Handle duplicate content between subdomain and custom domain: Since you are generating two different sites for subdomains and custom domains, you can improve on this by:

    • Redirecting subdomain to custom domain if it exists. You can do this by adding a section in your code that performs the redirection.
    • Setting a canonical URL that points to the custom domain if it exists. This helps search engines understand that the custom domain is the primary domain.

  3. Allow adding and redirecting www. subdomains to apex domain: As a platform owner, you might want to allow your users to add www. subdomains along with their apex domain (and have the former redirect to the latter). To achieve this, you will need to make an additional API call to the Vercel Domains API to add the www. version for a domain and set a redirect attribute to make it redirect to the apex domain.

  4. Configure subdomains: You can configure subdomains either with a CNAME record or through the Nameservers method.

  5. Add custom domains for each project: You can add custom domains for each project in your Next.js application.

Remember to update the allowedOrigins configuration in your serverActions to include the new custom domains.
