Block APIs from responding publicly

Hi! How can I restrict access to my Vercel APIs so that they only respond to requests from my own domain?

Currently, my APIs are publicly available, and I want to ensure they only respond when the requests originate from my domain. What is the best way to configure this restriction within Vercel?

Next 14.2, App Router, Vercel Pro

I think the best way to go about this is to create a middleware.ts file in your project and add in the origin checking and set the CORS headers. Here’s a link to Next.js’s docs on this


Thanks for the reply.
A few headers containing the domain name, such as:

  • forwarded: 'for=xxx.xxx.xxx.xxx;host=www.DOMAIN.com;proto=https'
  • host: 'www.DOMAIN.com'
  • x-forwarded-host: 'www.DOMAIN.com'

exist with almost every request. I took these headers from the domain.com/api... request, which I made directly from the browser. This means that if I only allow these headers, they would have no real significance, since they are present whenever someone accesses domain.com/api... directly.

P.S. The Origin header, unfortunately, does not exist in most cases.
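
The check discussed in this thread, as an added example that is not from any of the posts or from the Next.js docs: a decision function a `middleware.ts` could call, which ignores the host-style headers, uses `Origin` when present and falls back to the browser's `Sec-Fetch-Site` header when it is not. The names `isAllowedCaller`, `ALLOWED_ORIGINS` and `classifySamples`, the placeholder domain and the sample requests are assumptions made for illustration.

```typescript
// Added example. isAllowedCaller, ALLOWED_ORIGINS and the sample requests are
// constructed for illustration; https://www.example.com is a placeholder.
type HeaderMap = Record<string, string | undefined>; // keys are lower-cased
type Decision = { allow: boolean; reason: string };

const ALLOWED_ORIGINS = ["https://www.example.com"];

function isAllowedCaller(headers: HeaderMap): Decision {
  // host, x-forwarded-host and forwarded name the site being requested, so they
  // are identical for every caller and are deliberately ignored here.
  const origin = headers["origin"];
  if (origin !== undefined) {
    return ALLOWED_ORIGINS.indexOf(origin) !== -1
      ? { allow: true, reason: "origin allow-listed" }
      : { allow: false, reason: "origin not allow-listed" };
  }
  // Browsers omit Origin on same-origin GET/HEAD requests and on address-bar
  // navigation. Current browsers still send Sec-Fetch-Site in both cases.
  if (headers["sec-fetch-site"] === "same-origin") {
    return { allow: true, reason: "same-origin request without Origin" };
  }
  return { allow: false, reason: "no evidence a page on our domain sent this" };
}

// Constructed sample requests (header subsets only).
const SAMPLES: Record<string, HeaderMap> = {
  addressBar: { host: "www.example.com", "x-forwarded-host": "www.example.com",
                "sec-fetch-site": "none", "sec-fetch-mode": "navigate" },
  ownPageGet: { host: "www.example.com", "sec-fetch-site": "same-origin" },
  ownPagePost: { host: "www.example.com", origin: "https://www.example.com" },
  otherSite: { host: "www.example.com", origin: "https://other.example",
               "sec-fetch-site": "cross-site" },
  hostOnly: { host: "www.example.com", "x-forwarded-host": "www.example.com" },
};

function classifySamples(): Record<string, boolean> {
  const out: Record<string, boolean> = {};
  Object.keys(SAMPLES).forEach((name) => {
    out[name] = isAllowedCaller(SAMPLES[name]).allow;
  });
  return out;
}

// These headers are client-supplied: a non-browser client can send any value,
// so this limits browser-driven use from other sites; it is not authentication.
console.log(classifySamples());
```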