Redirect API / Proxy - NOT WORKING!

Hello guys, I want to set up a proxy on my React app, which is hosted on Netlify, but I’m getting into trouble.
I’m hosting the backend server on with this CORS config:
const corsOptions = {
origin: [”,
optionsSuccessStatus: 200,
allowedHeaders: "Content-Type, Authorization",
credentials: true,
maxAge: 7200,
origin: (origin, callback) => {
if (corsOptions.origin.includes(origin) || !origin) {
callback(null, true);
} else {
callback(new Error('Not allowed by CORS'));
...corsOptions // Spread the properties of corsOptions here

Up to here all is good. When I host the React app myself on localhost and set a proxy in package.json it works wonderfully, but when I try to set the Netlify configs it’s not working.
I created a netlify.toml file in the root directory and I did this:
[[redirects]]
from = "/api/*"
to = "/.netlify/functions/proxy/:splat"
status = 200

[[redirects]]
from = "/*"
to = "/index.html"
status = 200

What should I do to fix it?

hi there, before we dig in, did you see this guide on debugging redirects?

I strongly suggest you give it a thorough read through and see if this fixes your problem:

if not, please post again, and we’ll try and troubleshoot.

from = "/api/*"
to = "”
status = 200

I fixed it by adding api after the URL in “to”. Now everything works, but when a user tries to log out it’s not removing the token. I tried js-cookie in the React app as well, but unfortunately it’s not working.
Everything else works.

If you’re setting an HTTP-only cookie, you’d have to remove the cookie from the server itself. So you’d have to add something like res.clearCookie() in Express.
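
The two behaviours this reply relies on, modelled as an added example that is not part of the thread: script such as js-cookie cannot remove an HttpOnly cookie, and a server-side clear only removes the cookie whose name and Path match the one that was set. The cookie value, the /api path and all helper names are constructed; the store is a simplification of RFC 6265 section 5.3 and ignores Domain.

```javascript
// Added example: simplified model of a browser cookie store (after RFC 6265, section 5.3).
// Cookie value, paths and helper names are constructed; real browsers also key on Domain.

// Parse one Set-Cookie header value into its name, value and the attributes used here.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                   path: "/", httpOnly: false, expires: null };
  for (const attr of attrs) {
    const [rawKey, val = ""] = attr.split("=");
    const key = rawKey.toLowerCase();
    if (key === "path") cookie.path = val;
    else if (key === "httponly") cookie.httpOnly = true;
    else if (key === "expires") cookie.expires = new Date(val);
  }
  return cookie;
}

class CookieJar {
  constructor() { this.cookies = new Map(); }

  // fromHttp = false models document.cookie, which is what js-cookie writes through.
  store(header, { fromHttp = true } = {}) {
    const c = parseSetCookie(header);
    const key = `${c.name}|${c.path}`;
    const old = this.cookies.get(key);
    // Script may neither create nor replace an HttpOnly cookie.
    if (!fromHttp && (c.httpOnly || (old && old.httpOnly))) return false;
    // An expiry in the past removes the entry with the SAME name and path only.
    if (c.expires && c.expires <= new Date()) this.cookies.delete(key);
    else this.cookies.set(key, c);
    return true;
  }

  has(name) { return [...this.cookies.values()].some((c) => c.name === name); }
}

function logoutDemo() {
  const past = "Expires=Thu, 01 Jan 1970 00:00:00 GMT";
  const jar = new CookieJar();
  jar.store("token=constructed.jwt.value; Path=/api; HttpOnly"); // login response
  const scriptAccepted = jar.store(`token=; Path=/api; ${past}`, { fromHttp: false });
  const afterScript = jar.has("token");    // client-side removal was ignored
  jar.store(`token=; Path=/; ${past}`);    // server clear, but Path differs
  const afterMismatch = jar.has("token");
  jar.store(`token=; Path=/api; ${past}`); // server clear, attributes match
  return { scriptAccepted, afterScript, afterMismatch, afterMatch: jar.has("token") };
}
```

In Express this is why res.clearCookie() has to be given the same path and domain options that were passed to res.cookie() when the cookie was set.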

It’s not that, it’s exactly the same on my backend; the app works on local.
I tried to debug it and I found it’s something with the environment in Netlify (the redirects configs).
It works only once when I restart my server. And when I log in for the 2nd time I can’t log out after that.

It removes the cookies, but when the page refreshes the cookie pops up again.

Without your site details and a test account, we cannot say anything more.

It works locally but I can’t set up the environment. Does /* have to be after /api/*, and which is better: a .toml file or a _redirects file?

:wave: @ShadowPaw

Redirects in the _redirects file take precedence over those in the netlify.toml file. The redirects engine processes the first matching rule it finds, reading from top to bottom. Rules in the _redirects file are always processed first, followed by rules in the Netlify configuration file.

Here is the order in which redirects and rewrites are processed:

  1. Redirects and rewrites in the _redirects file. These are read in order until a match is found, then processing stops.
  2. Redirects and rewrites in the netlify.toml file. None of these are read if one previous rule has already matched.

All that said, /* has to be after /api/* if you want the /api/* redirect rule to process.

Hope this helps!
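
The processing order described above, as an added example that is not part of the thread and not Netlify's implementation: a simplified first-match resolver showing how a leading /* rule shadows /api/*, and how any match in _redirects stops netlify.toml from being read. The backend URL and request path are constructed placeholders.

```javascript
// Added example: simplified model of the rule order described in the reply above.
// Not Netlify's code; the backend URL and request path are constructed placeholders.

// Match a `from` pattern with an optional trailing "*"; return the splat or null.
function matchFrom(from, path) {
  if (from.endsWith("*")) {
    const prefix = from.slice(0, -1);
    return path.startsWith(prefix) ? path.slice(prefix.length) : null;
  }
  return from === path ? "" : null;
}

// Rules from _redirects are tried first, then netlify.toml; the first match wins.
function resolve(path, redirectsFile, netlifyToml) {
  const sources = [["_redirects", redirectsFile], ["netlify.toml", netlifyToml]];
  for (const [source, rules] of sources) {
    for (const rule of rules) {
      const splat = matchFrom(rule.from, path);
      if (splat !== null) {
        return { source, to: rule.to.replace(":splat", splat), status: rule.status };
      }
    }
  }
  return null; // no rule matched
}

const api = { from: "/api/*", to: "https://backend.example/api/:splat", status: 200 };
const spa = { from: "/*", to: "/index.html", status: 200 };

function orderDemo() {
  const path = "/api/v1/me";
  return {
    spaFirst: resolve(path, [], [spa, api]).to,              // catch-all listed first
    apiFirst: resolve(path, [], [api, spa]).to,              // /api/* listed first
    shadowedByFile: resolve(path, [spa], [api, spa]).source, // _redirects matched first
  };
}
```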

These are my redirects:
/api/* 200

/* /index.html 200
This is my build command:
Build command
npm run build && cp _redirects frontend/build/_redirects

Publish directory

And this is my User model:
const mongoose = require("mongoose");
const validator = require("validator");
const bcrypt = require("bcryptjs");
const jwt = require("jsonwebtoken");
const crypto = require("crypto");

const userSchema = new mongoose.Schema({
  name: {
    type: String,
    required: [true, "Please enter your name"],
    maxLength: [30, "Your name cannot exceed 30 characters"],
  },
  email: {
    type: String,
    required: [true, "Please enter your email"],
    unique: true,
    validate: [validator.isEmail, "Please enter valid email address"],
  },
  password: {
    type: String,
    required: [true, "Please enter your password"],
    minLength: [6, "Your password must be longer than 6 characters"],
    select: false,
  },
  avatar: {
    public_id: {
      type: String,
      required: true,
    },
    url: {
      type: String,
      required: true,
    },
  },
  role: {
    type: String,
    default: "user",
  },
  createdAt: {
    type: Date,
  },
  resetPasswordToken: String,
  resetPasswordExpire: Date,
});

// Encrypt password
userSchema.pre("save", async function (next) {
  // Skip hashing when the password field was not changed
  if (!this.isModified("password")) {
    return next();
  }
  this.password = await bcrypt.hash(this.password, 10);
});

// Compare user password
userSchema.methods.comparePassword = async function (enteredPassword) {
  return await bcrypt.compare(enteredPassword, this.password);
};

// Return JWT Token
userSchema.methods.getJwtToken = function () {
  return jwt.sign({ id: this._id }, process.env.JWT_SECRET, {
    expiresIn: process.env.JWT_EXPIRES_TIME,
  });
};

// Generate password reset token
userSchema.methods.getResetPasswordToken = function () {
  // Generate token
  const resetToken = crypto.randomBytes(20).toString("hex");

  // Hash and set to resetPasswordToken
  this.resetPasswordToken = crypto

  // Set token expire time (30 minutes from now)
  this.resetPasswordExpire = Date.now() + 30 * 60 * 1000;

  return resetToken;
};

module.exports = mongoose.model("Userback", userSchema);

And it’s still not working; I can log out only the first time I log in. If I log in a second time, even with the same account, and then log out, it refreshes the page and the token comes back (not clearing).
It works on local and, as I said, I can log out, but only once.
That’s very strange, shall I configure my

And this is my JWTToken utility:

// Create and send token and save in the cookie.
const sendToken = (user, statusCode, res) => {
  // Create JWT token
  const token = user.getJwtToken();

  // Options for cookie
  const options = {
    expires: new Date(
      Date.now() + process.env.COOKIE_EXPIRES_TIME * 24 * 60 * 60 * 1000
    ),
    httpOnly: true,
  };

  res.status(statusCode).cookie("token", token, options).json({
    success: true,
  });
};

module.exports = sendToken;

_redirects file not working, only netlify.toml

We can go back-and-forth about this, @ShadowPaw, but this:

would not change. We need to see the issue happen.

and you can do a registration yourself, but sometimes the backend server is not starting immediately and you have to refresh the page a few times before it starts, otherwise it will stay on loading. Thank you.

I’m getting an HTTP 500 from your API when trying to register. Do you have an account directly that we can use to test?

I think it’s because the server wasn’t started, because I can register through the register form. A profile picture is required, but bugs are not fixed yet. However, I created an account for you.
You will be able to log out once, but if you log in again you won’t be able to; cookies are not clearing on the logout button.

If you can’t log in, try starting the server first:

I’m using a free host and the backend server stops if not used.

Test account:

Password: 123123

No, I waited for the server - the 500 was coming specifically from your server as mentioned by the request.

About the issue, I was able to log in with the credentials you provided and tried logging in/out a couple of times. I was always able to log in and log out without issues. Is there something specific I need to do to trigger the issue?

At this point, it’s starting to look less and less like a Netlify issue.

The video I attached was tested on Android, but I tried on desktop as well; it’s not about the OS. Everyone who tries to log out can’t. I did some debugging and I found the cookie is not clearing on deploying. As I said before, when I host the frontend locally it works :disappointed:

(Attachment Screen_Recording_20230917_101853_Chrome.mp4 is missing)

I don’t see any video, it’s just text.

Also, Netlify being the frontend can’t clear your cookie. Your backend needs to clear the cookie - thus, bringing me back to the point that this doesn’t seem like a Netlify issue.

It’s definitely a Netlify issue, and yes, my backend is clearing the cookie, but the Netlify environment configs are not working properly. I will upload the video somewhere because I received an email saying the attachment failed.

Netlify has literally 0 control over your cookie clearing mechanisms.

As I can see, your backend is clearing the cookie:

and that’s the only one that can clear the cookie.

What I’m assuming is, your backend might be stopping before you logout and thus, the cookie is not getting cleared.