I get an error in the pre-flight request. I tested in Chrome, Edge, FF.
Access to fetch at ‘https://ipfs.infura.io:5001/api/v0/add?stream-channels=true&progress=false’ from origin ‘http://localhost:4200’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.
The “authorization” header makes browser to send preflight request with headers:
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: POST
But response from the ipfs.infura doesn’t contain:
Access-Control-Allow-Headers: Authorization
Access-Control-Allow-Origin: origin
It means, I think, that Infura IPFS API server is not set up properly. Is it correct? If yes, please set up Infura IPFS API server, if not, could you provide a workaround?
I’m with @festbot here. This is not a client error, this is a server error that needs to be fixed by Infura team. The API cannot be accessed through a browser, though it works fine through console / backend.
It appears the problem is the addition of the authorization header. This makes the request complex and then it hits CORS restrictions. When tested on my local node, without the auth header, everything works. With the auth header, no matter what configuration I try with the node, including
Hi,
We’re experiencing the same issue. We’re trying out the IPFS beta API with authorization headers and getting CORS errors.
Posts to https://ipfs.infura.io:5001/api/v0/add without any authentication work fine, it’s only after trying with authentication that the issues arise.
Thanks for your time.
@Infura team, is this the level of support to be expected? Doesn’t inspire a lot of trust in using the service if such a basic issue as CORS cannot be handled properly on the server-side.
Hey @festbot, @Crypto.Joe, @Theodore_Michels, and @ti0 - try the below code and let me know if that still runs into the CORS error. I was able to make it work with this code with no CORS errors:
It appears there was an update to ipfs-http-client that may be causing an error with our example code.
If that doesn’t appear to be the issue, can you send a picture of the browser dev-tools output so we can see how your security settings are responding?
Access to fetch at 'https://ipfs.infura.io:5001/api/v0/add?stream-channels=true&progress=false' from origin 'http://127.0.0.1:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
I get the exact same behaviour with the IPFS server when installed locally. It’s triggered when you have a ‘complex header’ but not when you are not adding the auth field. I suspect it’s just never adding the Access-Control-Allow-Oriigin to the header and that only has an impact with complex headers.
@Leiya_Kenney yes , unfortunately i am, i have not found any solution and have been looking for over a week.
If i do a call and include the infura header it returns this:
Access to fetch at ‘https://ipfs.infura.io:5001/api/v0/add?stream-channels=true&progress=false’ from origin ‘http://localhost:8888’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.
We are experiencing the same error on our side when using the authorization header. Along with this dummy trash talk with community support staff, could we get some developers to look into this issue? It’s a core requirement for using your IPFS service from browsers. Not everyone uses this from the backend side. How can this encourage anyone to use your IPFS service if nobody is even trying to fix this configuration issue?