Blog

Next.js App Router route handlers: CORS in Route Handlers, Edge versus Node runtime, and middleware layering

Export `OPTIONS` alongside `GET` and `POST` in `route.ts` files—browsers preflight before hitting your handler logic.

Published: 2027-11-02Updated: 2027-11-041 min read

nextjsapp-routercors

Caching

`export const dynamic` settings affect whether CORS headers appear on cached shell responses.

ISR revalidation should not strip Vary: Origin from JSON APIs behind the same hostname as the SPA.

ReadableStream responses must emit CORS headers before the first chunk for credentialed fetches.

After() API from Next can extend background work—do not mutate headers post-commit.