Ninjavin Writes
Mastering CORS Handling with devServer.proxy

Mastering CORS Handling with devServer.proxy

Vineeta Jain's photo
Vineeta Jain
·

3 min read

A few days ago, I encountered a challenge that many frontend developers face—dealing with CORS (Cross-Origin Resource Sharing) errors. My application, running locally, needed to fetch data from a remote API, but the infamous browser error popped up: "Access to fetch at '...' from origin '...' has been blocked by CORS policy."

Instead of applying temporary fixes or workarounds, I decided to dive deeper and solve this issue in a structured and sustainable way. The solution turned out to be simpler and more effective than I initially imagined, thanks to Webpack's devServer.proxy. Here’s what I learned and how you can apply it too.

What Is CORS and Why Does It Matter?

CORS is a browser-enforced security feature designed to prevent unauthorized cross-origin requests. It ensures that only specified domains can access a resource, protecting servers from malicious actors. However, during development, this restriction often causes headaches.

Key CORS Headers

  • Access-Control-Allow-Origin: Specifies the permitted origins for resource access.

  • Access-Control-Allow-Methods: Lists allowed HTTP methods (e.g., GET, POST).

  • Access-Control-Allow-Headers: Defines headers that can be sent with requests.

When my frontend app on http://localhost:3000 tried to fetch data from https://api.example.com, the server’s missing CORS headers caused the browser to block the request.

Leveraging devServer.proxy

After a bit of research, I realized Webpack’s devServer.proxy could solve the problem by acting as a middleware. It proxies requests from the frontend to the backend, bypassing CORS restrictions during development.

Initial Setup

Here’s the basic proxy configuration I used in my webpack.config.js:

module.exports = {
  devServer: {
    proxy: {
      '/api': {
        target: 'https://api.example.com',
        changeOrigin: true,
      },
    },
  },
};

This setup redirects all requests starting with /api to the backend server. The changeOrigin option ensures that the Host header in the request matches the target server. This resolved my CORS errors immediately.

Enhancing the Proxy Configuration

As the project progressed, I needed to:

  1. Rewrite API paths.

  2. Add an Authorization token to each request.

Updated Configuration

Here’s the refined setup:

module.exports = {
  devServer: {
    proxy: {
      '/api': {
        target: 'https://api.example.com',
        changeOrigin: true,
        pathRewrite: { '^/api': '' },
        onProxyReq: (proxyReq) => {
          proxyReq.setHeader('Authorization', 'Bearer my-token');
        },
      },
    },
  },
};

Key Additions

  1. pathRewrite: Removes the /api prefix before forwarding requests to the backend.

  2. onProxyReq: Adds a custom Authorization header to each outgoing request, enabling secure communication.

These adjustments made the proxy not only functional but also aligned with project-specific requirements.

Final Thoughts

Dealing with CORS errors can be daunting, but understanding the underlying principles and leveraging tools like Webpack’s devServer.proxy can make the process seamless. This solution not only resolved my immediate issue but also provided insights into creating robust and secure development workflows.

If you’re struggling with CORS during development, give this approach a try. It might save you hours of frustration and set you up for long-term success. Happy coding!

codingCORSproxyProxy Serverwebpack