[resolved] Infura CORS Issue with Gecko and Webkit

While using Infura v3 as my provider for web3js @1.0.0-beta I’m getting CORS blocked errors in all browsers that aren’t Chrome.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://rinkeby.infura.io/v3/key. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

I brought this up with the Web3 team in github and they seemed to think by adding headers to the request it would solve the issue. Unless Infura is acting on response headers I don’t think this is going solve the issue.

Link to github issue: https://github.com/ethereum/web3.js/issues/2559

My understanding is that Infura needs to be setting to Access-Control-Allow-Origin header on the http response.

The weird piece is that in Chrome the response headers are set correctly on the preflight request:

  1. access-control-allow-headers:Content-Type
  2. access-control-allow-methods:POST
  3. access-control-allow-origin: *

In firefox the response headers for the preflight request do not include the access-control headers

The two requests in both firefox and chrome both set request headers in the preflight to:
Access-Control-Request-Headers: content-type,user-agent
Access-Control-Request-Method: POST

Would indeed adding the Access-Control-Allow-Origin in the preflight request header fix the issue?

I’m wondering if you guys could check this out and make sure the headers being set by Infura are correct and work with Gecko, Webkit, and Blink

Hey there, thanks for posting this issue. I recommend trying the suggestion from the Web3 team. We don’t have specific tests for checking compatibility with packages such as Gecko, Webkit, or Blink.

If you try their suggestion and it works or does not can you let us know?

Yeah I’ll update you as soon as they release web3 v1.0.0-beta.51, should be this week. Just thought I’d bring it up in here to make you aware in case you get other tickets or in fact it was an issue on your end. Thanks for the response.

1 Like

Web3 was updated today to version web3@1.0.0-beta.51 and this indeed does fix the CORS issues. I’m not sure we want to just delete this post, trying to figure out issues in this space is hard and it would be nice to leave a trail for this.

Great news, thanks for the update, yeah good to leave this here but we can change the title to resolved.