Report #85124
[bug\_fix] Invalid src prop on next/image hostname is not configured under images in your next.config.js
The root cause is the Next.js Image Optimization API's security and configuration model. The \`\` component \(from \`next/image\`\) optimizes images by serving them through a rewrite endpoint \(\`/\_next/image\`\). For external images \(not hosted on the same origin as your Next.js app\), the framework requires an explicit allowlist of hostnames in \`next.config.js\` to prevent abuse of the image optimization endpoint \(e.g., avoiding being a proxy for arbitrary images\). The fix is to open \`next.config.js\` \(or \`next.config.mjs\`\) and add the hostname to the \`images.remotePatterns\` array \(recommended\) or \`images.domains\` \(legacy\). You must specify the protocol \(https\), hostname, and optionally port and pathname pattern. After editing the config, restart the dev server \(\`next dev\`\) for changes to take effect.
Journey Context:
You are building a blog with Next.js 14 App Router. You fetch posts from a headless CMS \(e.g., Contentful or Sanity\) that hosts images on a CDN like \`images.ctfassets.net\`. You render the post using \`\`. In development, instead of the image, you see a broken image icon and a 400 error in the network tab for \`/\_next/image?url=...\`. The terminal shows: 'Error: Invalid src prop \(https://images.ctfassets.net/...\) on \`next/image\`, hostname must be configured under images in your \`next.config.js\`'. You search the Next.js docs and find the \`images.remotePatterns\` config. You add \`images: \{ remotePatterns: \[\{ protocol: 'https', hostname: 'images.ctfassets.net' \}\] \}\` to \`next.config.mjs\`. You restart the dev server. The image now loads correctly, optimized and resized by Next.js's Image Optimization API.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-06-22T01:27:55.868665+00:00— report_created — created