`x-forwarded-host` header with value `localhost:3000` does not match `origin` header with value `app.localhost:3000` from a forwarded Server Actions request. Aborting the action.
⨯ Error: Invalid Server Actions request.
at AsyncLocalStorage.run (node:async_hooks:338:14)
at AsyncLocalStorage.run (node:async_hooks:338:14)
As an additional protection Server Actions in Next.js 14 also compares the Origin header to the Host header (or X-Forwarded-Host). If they don't match, the Action will be rejected.
As workaround it works to configure the allowedOrigins in the next.config.js:
I followed https://github.com/vercel/platforms/discussions/341 and updated my project to Next.js 14. When saving a form the Server Action is triggered and the following error occurs:
This seems to make sense in the context of the Next.js update. https://nextjs.org/blog/security-nextjs-server-components-actions describes it:
As workaround it works to configure the
allowedOrigins
in thenext.config.js
:This happens only in my copy of the platforms code. In the original code (which was just updated to Next.js 14 https://github.com/vercel/platforms/commit/841619c772664574c0f7c8836102631cfafb137d ) it seems to work without this workaround.
Any idea why this is the case? :-)