eiTan
December 16, 2018, 1:43pm
#1
Hi, we’ve started getting this:
Access to fetch at ‘https://ipfs.infura.io:5001/api/v0/add?pin=true&stream-channels=true ’ from origin ‘https://test.app.2key.network ’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.
Anyone know what’s going on?
mike
December 18, 2018, 7:26pm
#2
We haven’t made any changes to our cors policy in a couple months. It’s possible you’re getting an error which does not have cors headers and is causing the response to come back that way.
Can you provide information on the requests you’re sending, volume, size, code snippet, etc.
Im also having CORS issues on Infura mainent?
Which browsers are you guys currently using?
I find Safari and iOS are the most affected, there a several issues around this at the moment, it would be great to get some resolution to this, at the moment our DApp basically is dead in the water if we want to use Infura on Safari?
opened 02:28PM - 06 Nov 18 UTC
closed 04:18PM - 30 Sep 19 UTC
Infura does not work on Safari (both Mac and iOS versions), as Safari does not s… upport wildcards in CORS headers and refuses to connect with the following error:
> Failed to load resource: Origin https://example.com is not allowed by Access-Control-Allow-Origin
In order to fix this, you need to replace this header `access-control-allow-origin: *` with an explicit URI - ie. `Access-Control-Allow-Origin: https://example.com`.
[According to Mozilla](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin), the best practice is to take the `Origin` from request headers and copy it to the response's `Access-Control-Allow-Origin` header instead of using a wildcard.
Chrome and Firefox work fine with the current headers.
opened 01:04PM - 27 Jul 18 UTC
closed 03:29PM - 25 Mar 19 UTC
Bug
The latest change in httpprovider breaks CORS with ganache and possibly other to… ols (for me at least), where the CORS-domain cannot be set explicitly.
Chrome comes up with the following error message: "Failed to load http://localhost:7545/: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'null' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute."
Reproduce this issue by using the web3 0.20, e.g. "npm install web3@0.20" and then a simple index.html with the most simplistic content opening in Chrome:
```
<!doctype html>
<html>
<head>
<script src="node_modules/web3/dist/web3.js" type="text/javascript"></script>
</head>
<body>
<div>Here is some content.</div>
<script>
var web3;
if (typeof web3 !== 'undefined') {
web3 = new Web3(web3.currentProvider);
} else {
// set the provider you want from Web3.providers
web3 = new Web3(new Web3.providers.HttpProvider("http://localhost:7545"));
}
</script>
</body>
</html>
```
Anything I can do on my side?
https://github.com/ethereum/web3.js/blob/b4c1542ddb5284267f6814ba0106bfbbc83fe166/lib/web3/httpprovider.js#L66
opened 09:16PM - 17 Jan 18 UTC
closed 06:26PM - 19 Jan 18 UTC
When calling
`https://api.infura.io/v1/jsonrpc/rinkeby/eth_call?params=%5B%7B%… 0D%0A%09%09"to"%3A%20"0x737A4FA0eDBcc8c29d74cd2cebA315314E2C608A"%2C%0D%0A%09%09"data"%3A%20"0x6d4ce63c"%0D%0A%09%7D%2C%0D%0A%09"latest"%0D%0A%5D` from a vue.js app I get the following error:
```
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access.
```
Accessing the URL in chrome or postman works – and the call from the vue app was working yesterday! In fact, looking at the response in dev tools shows that body contains the excepted result of the contract method call, and the status is 200, but the call still fails, perhaps due to a missing `Access-Control-Allow-Origin` header in the response.
I have tried setting a header on the request like so:
```
Vue.http.headers.common['Access-Control-Allow-Origin'] = '*'
```
This causes a OPTIONS call to be made before the GET call, but this fails with a 405 status.
**Request headers for GET call**
```
:authority:api.infura.io
:method:GET
:path:/v1/jsonrpc/rinkeby/eth_call?params=%5B%7B%0D%0A%09%09%22to%22%3A%20%220x737A4FA0eDBcc8c29d74cd2cebA315314E2C608A%22%2C%0D%0A%09%09%22data%22%3A%20%220x6d4ce63c%22%0D%0A%09%7D%2C%0D%0A%09%22latest%22%0D%0A%5D
:scheme:https
accept:application/json, text/plain, */*
accept-encoding:gzip, deflate, br
accept-language:sv,en-US;q=0.9,en;q=0.8,de;q=0.7,da;q=0.6,nl;q=0.5
dnt:1
origin:http://localhost:8080
referer:http://localhost:8080/stack
user-agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36
```
**Response headers for GET call**
```
accept-ranges:bytes
age:0
content-encoding:gzip
content-length:138
content-type:application/json
date:Wed, 17 Jan 2018 21:10:28 GMT
fastly-debug-digest:f89d5cffbe910a1431760e1ba646c75479030e010cd006ab5a7f83e550e675fe
status:200
vary:Accept-Encoding
via:1.1 varnish
via:1.1 varnish
x-cache:MISS, MISS
x-cache-hits:0, 0
x-served-by:cache-iad2144-IAD, cache-hhn1541-HHN
x-timer:S1516223429.763915,VS0,VE115
```
Any help or suggestions on how to fix this would be awesome.
thanks guys
Meo
March 7, 2019, 11:21am
#6
I encounter the same problem when using ipfs.infura and using Chrome.
Error: Access to fetch at ‘https://ipfs.infura.io:5001/api/v0/add?stream-channels=true ’ from origin ‘http://localhost:3000 ’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.
My code previously worked a few weeks ago.
Hi,
Confirming the problem here, and it was working perfectly yesterday…
It might be because I upgraded my browsers… Ubuntu + Firefox 65.0.1 + Chrome 70.0.3538.77
I’ll ask colleagues to see if they have the same problem.
Edit: same for colleagues, and it’s unlikely they had no browser upgrade
mike
March 7, 2019, 5:10pm
#8
Are you still experiencing issues?
1 Like
If you got here looking for why web3 calls are failing due to CORS headers, here is a post for that. Infura CORS Issue with Gecko and Webkit
Summary: Web3 is fixing the issue, in release beta-.51
azra3l
January 24, 2023, 11:06am
#11
It’s 2023 and I am having the same error, all I simply did was create my url using ‘https://ipfs.io/ipfs/${added.path} ’ instead of ‘https://ipfs.infura.io/ipfs/${added.path} ’
