Status Code: 403 Forbidden : not allowed - invalid origin

Good day! Infura Community, I have this issue where I got the status error code: 403 Forbidden when I add my staging domain on allowed http origins but works smoothly when I leave it empty or remove it on http origins. Anyone encountered this issue too? I need help on how to solve this. Any help is appreciated guys. Thanks


Hey thanks for reaching out! Could you show me an example pls


Sure, every time I add my testnet(staging) domain in allowed https origins I got this 403 forbidden error when I fetch the data like in the image shown below but when I don’t add my testnet domain it works perfectly fine, I can fetch my data and images from ipfs.


This is the image of my infura allowlists


Hey @Dan1122 , the issue comes from the fact that browsers don’t send the Origin header when doing a GET request. That’s why the error is received when you have an allowed http origin configured in your project settings.

The thread below does a good job in explaining why browsers don’t send the origin header.

In our current architecture when you set up an Allowed Http Origin, this is being enforced both on the Infura IPFS API and on the Dedicated Gateway at the same time. So due to the fact that browsers don’t send an Origin header, you cannot view your CID via the dedicated gateway when you have allowed http origins configured, because it’s a GET without origin.

It is on our roadmap to separate the two functionalities, I mean to be able to open the reads on your dedicated gateway and allow writes on the IPFS API only from their origin, but there’s no clear ETA as of now.


I see thanks for the reply. For now I will empty my allowed origin https and wait for the separation of the two functionalities.


I too have had this issue :frowning: is there anything to do other than go in and change the allowed Https manually? Seems like it may be difficult to scale this solution. Thx!

1 Like

Not at the moment, as radu mentioned there is a feature on the roadmap but not ETA


This topic was automatically closed after 30 days. New replies are no longer allowed.