While using Infura v3 as my provider for web3js @1.0.0-beta I’m getting CORS blocked errors in all browsers that aren’t Chrome.
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://rinkeby.infura.io/v3/key. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
I brought this up with the Web3 team in github and they seemed to think by adding headers to the request it would solve the issue. Unless Infura is acting on response headers I don’t think this is going solve the issue.
Link to github issue: https://github.com/ethereum/web3.js/issues/2559
My understanding is that Infura needs to be setting to Access-Control-Allow-Origin header on the http response.
The weird piece is that in Chrome the response headers are set correctly on the preflight request:
- access-control-allow-headers:Content-Type
- access-control-allow-methods:POST
- access-control-allow-origin: *
In firefox the response headers for the preflight request do not include the access-control headers
The two requests in both firefox and chrome both set request headers in the preflight to:
Access-Control-Request-Headers: content-type,user-agent
Access-Control-Request-Method: POST
Would indeed adding the Access-Control-Allow-Origin in the preflight request header fix the issue?
I’m wondering if you guys could check this out and make sure the headers being set by Infura are correct and work with Gecko, Webkit, and Blink