Firebase Studio Community

[Bug] CORS / allowedDevOrigins issue in Next.js 15 when running in Firebase Cloud Workstations

Solution_Lop July 1, 2025, 1:01pm 1

When running next dev (Next.js 15, canary) ** in Firebase Studio**, I get the following error in the browser console:

⚠ Blocked cross-origin request from 6000-firebase-studio-xxxxx.cloudworkstations.dev to /_next/* resource.
To allow this, configure "allowedDevOrigins" in next.config

Despite attempts to configure the origin, requests to /_next/ resources are blocked due to CORS policy. This breaks dev mode completely — the page doesn’t load static assets (JS/CSS).

What I tried

Set allowedDevOrigins: ["https://6000-firebase-studio-xxxxx.cloudworkstations.dev"] in next.config.js
Also tried using a wildcard:

Set `allowedDevOrigins: ["*.cloudworkstations.dev"]

Question

Is this the expected behavior?
Is there a correct way to define allowedDevOrigins in this remote browser-based dev setup?
If this is enforced for security — can this be relaxed in dev with a flag?

dms July 1, 2025, 4:47pm 2

Are you placing the allowedDevOrigins in your next.config.js file?

{
  allowedDevOrigins: ['local-origin.dev', '*.local-origin.dev'],
}

Solution_Lop July 1, 2025, 9:29pm 3

Yes. * Is there a correct way to define allowedDevOrigins in this remote browser-based dev setup?

Solution_Lop:

What I tried

Set allowedDevOrigins: ["https://6000-firebase-studio-xxxxx.cloudworkstations.dev"] in next.config.js

Also tried using a wildcard:
Set `allowedDevOrigins: ["*.cloudworkstations.dev"]

Topic		Replies	Views	Activity
CORS (next.js, firebase emulators) General	0	566	June 12, 2024
CORS Issue: Blocked cross-origin request General	0	24	June 3, 2025
CORS Issue with Firebase Emulator UI in Project IDX Environment General	2	598	December 8, 2024
NextJS : Hot Reload not working General	7	152	April 29, 2025
CORS Issue When Migrating Project to IDX General	13	2573	December 30, 2024