mporwoll/cms.c2sgmbh
1
0
Fork 0
mirror of https://github.com/complexcaresolutions/cms.c2sgmbh.git synced 2026-03-17 15:04:14 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

revert: remove unnecessary serverActions.allowedOrigins

Browse source 
The 403 "Forbidden" on production was caused by ModSecurity WAF
(OWASP CRS 3.3.7) blocking PATCH/POST requests at the nginx layer,
not by Next.js server actions CSRF. Nginx proxy_set_header Host $host
ensures Origin and Host always match, making allowedOrigins redundant.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Martin Porwoll 2026-02-25 13:52:34 +00:00
parent a77c2b747d
commit a5f8c43f81
1 changed files with 0 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
next.config.mjs
View file

@ -7,14 +7,6 @@ const nextConfig = {
// Use fewer workers for builds on low-memory systems // Use fewer workers for builds on low-memory systems
workerThreads: false, workerThreads: false,
cpus: 1, cpus: 1,
// Allow server actions from these origins (behind reverse proxy)
serverActions: {
allowedOrigins: [
'pl.porwoll.tech',
'pl.c2sgmbh.de',
'cms.c2sgmbh.de',
],
},
}, },
// Webpack configuration for TypeScript/ESM compatibility // Webpack configuration for TypeScript/ESM compatibility
webpack: (webpackConfig) => { webpack: (webpackConfig) => {