Fix next/image Hostname Not Configured in Next.js
Technology

Fix next/image Hostname Not Configured in Next.js

next/image strictly allow-lists remote hosts. The fix is images.remotePatterns in next.config — matched exactly on protocol, hostname, port, and pathname. Get one wrong (http vs https, a subdomain, a missing port) and it still blocks.

2026-06-18
7 min read
Fix next/image Hostname Not Configured in Next.js

You drop a remote image into <Image> and the page explodes:

text
Invalid src prop (https://cdn.example.com/photo.jpg) on `next/image`,
hostname "cdn.example.com" is not configured under images in your
next.config.js

next/image strictly allow-lists the hosts it will optimize — remote image servers are often shared between tenants, so allow-listing protects your optimizer from being pointed at arbitrary URLs. The fix is one config block, but the matching is unforgiving.

The fix: images.remotePatterns#

Add the host with explicit fields:

js
// next.config.js
module.exports = {
  images: {
    remotePatterns: [
      {
        protocol: 'https',
        hostname: 'cdn.example.com',
        port: '',
        pathname: '/photos/**',
      },
    ],
  },
}

Then restart the dev servernext.config is read once at startup and is not hot-reloaded.

Why it still blocks after you 'added the domain'

Every part of the URL is matched exactly and case-sensitively:

  • Protocolhttphttps
  • Hostnameexample.comwww.example.comassets.example.com
  • Port — if present (:3000 in dev), it must be included
  • Pathname — must be covered by the glob; /images/ does not match /images/photo.jpg, you need /images/**

Wildcard rules#

* and ** behave differently — and ** only works at the edges:

  • * — a single path segment, or a single subdomain
  • ** — any number of trailing path segments, or any number of leading subdomains
js
// allows image.example.com, cdn.example.com, etc.
{ protocol: 'https', hostname: '**.example.com' }

Omitting protocol, port, pathname, or search makes them wildcard — the docs explicitly call this not recommended for security. In particular, omitting search allows all query strings.

Newer shorthand (Next 15.3.0+)

Since v15.3.0 you can pass URL objects: remotePatterns: [new URL('https://cdn.example.com/photos/**')]. On older versions, use the object form.

Why not images.domains?#

You'll see older answers using images.domains: ['cdn.example.com']. It still works, but the official docs mark it deprecated since Next.js 14 "in favor of strict remotePatterns in order to protect your application from malicious users." domains is a flat hostname list with no wildcard, protocol, port, or pathname control. Migrate:

Don't
images: { domains: ['cdn.example.com'] } // deprecated since Next 14, no protocol/port/path control
Do
images: { remotePatterns: [{ protocol: 'https', hostname: 'cdn.example.com', pathname: '/photos/**' }] }

Escape hatches (and their cost)#

  • unoptimized — a prop (or images.unoptimized: true globally) that skips the optimization pipeline and bypasses the allow-list. Right for tiny images, SVGs, or images that need auth headers (the optimizer doesn't forward them). Tradeoff: no resizing, no format conversion, no optimized caching.
  • loader / loaderFile — offload optimization to Cloudinary, Imgix, Supabase, etc. via a function ({ src, width, quality }) => string. Tradeoff: a custom loaderFile requires Client Components and hands optimization to a third party.
When this won't work
  • The image needs authentication — the built-in optimizer doesn't forward headers; use unoptimized or a custom loader.
  • You're on Next.js before 12.3 — remotePatterns isn't stable there; the search prop needs 14.2.14+, and URL-object shorthand needs 15.3.0+.

Official references: next/image "Un-configured Host" error, Image component / remotePatterns, images config.

Related Articles#

Frequently Asked Questions#

How do I fix "hostname is not configured under images"?#

Add the host to images.remotePatterns in next.config with the exact protocol, hostname, port, and pathname, then restart the dev server.

Should I use images.domains or images.remotePatterns?#

Use remotePatterns. images.domains was deprecated in Next.js 14 in favor of the stricter, more capable remotePatterns.

Why does it still fail after I added the domain?#

Matching is exact and case-sensitive: http vs https, a subdomain mismatch, a missing port, or a too-narrow pathname all block it. And restart the dev server — next.config is read only at startup.

Frequently Asked Questions

|

Have more questions? Contact us

Written by

Mahdi Br
Mahdi Br

Full-Stack Dev — Next.js & Supabase

Solo developer building SaaS products with Next.js and Supabase. Writing about production patterns the official docs skip.

Remote

One email a month — no fluff

RLS gotchas, Next.js cache debugging, and the one Supabase setting that bit me last month.

Continue Reading

Fix Supabase Auth Session Not Persisting (Next.js 2026)
technology

Fix Supabase Auth Session Not Persisting (Next.js 2026)

Supabase auth sessions mysteriously disappearing after page refresh? Learn the exact cause and fix it in 5 minutes with this tested solution.

2026-02-16
8 min read
Fix Next.js revalidatePath Not Working in Server Actions
Technology

Fix Next.js revalidatePath Not Working in Server Actions

Your Server Action mutates data but the page shows stale values until you hard-refresh. `revalidatePath` is one of those APIs that "succeeds" while doing nothing. Here are the six reasons it no-ops, with the exact fix for each — including the one nobody tells you about: `dynamic = 'force-static'`.

2026-05-19
8 min read
Fix port setting in Next.js
Technology

Fix port setting in Next.js

Change the default Next.js port when it collides with another process. Step‑by‑step fix with code, verification, and prevention tips.

2026-06-02
7 min read

Browse by Topic

Find stories that matter to you.