Developers Forum for XinFin XDC Network

ncode
ncode

Posted on • Updated on

[WIP] CORS Issue on erpc.apothem.network

Hi, We are currently experiencing a CORS policy issue that has disrupted access to 'https://erpc.apothem.network/' from our origin 'https://auth.magic.link'. This problem emerged after Saturday, and we urgently need your assistance in resolving it.

The error message is as follows:

Access to XMLHttpRequest at 'https://erpc.apothem.network/' from origin 'https://auth.magic.link' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Enter fullscreen mode Exit fullscreen mode

Could you please investigate and adjust the CORS policy for 'https://erpc.apothem.network/' to include the 'Access-Control-Allow-Origin' header for 'https://auth.magic.link'?

Discussion (3)

Collapse
ncode profile image
ncode Author

Facing a similar issue on erpc.xinfin.network

Collapse
rushabh_parmar profile image
Rushabh Parmar

On all the public RPC we have enabled --rpc --rpccorsdomain and Based on the provided information, Please note CORS headers are already set up on the server side for the public RPC at 'erpc.apothem.network/'. The error message indicates that there is no 'Access-Control-Allow-Origin' header present on the response, which is essential for allowing cross-origin resource sharing.

If you've already configured the CORS headers on the server and are still facing issues, here are a few additional steps you can take to troubleshoot and resolve the CORS problem:

Verify CORS Headers Configuration:
Ensure that the server is configured to include the 'Access-Control-Allow-Origin' header in its responses. Check the server configuration, middleware, or application code to confirm that the appropriate CORS headers are being set. Additionally, ensure that the headers are not being overwritten or removed elsewhere in the application.

Check Preflight Requests:
The error message also mentions an issue with the preflight request. Preflight requests are HTTP options requests sent by the browser before the actual request. Ensure that the server responds correctly to preflight requests by allowing the necessary headers, methods, and origins.

Wildcard CORS Configuration (Not Recommended for Production):
As a temporary measure for testing, you can configure the server to allow all origins using a wildcard ('*') in the 'Access-Control-Allow-Origin' header. However, note that this is not recommended for production environments due to security concerns. It should only be used for testing purposes.

Logging and Debugging:
Enable detailed logging on the server side to capture CORS-related information. Check the server logs for any additional error messages or warnings related to CORS. Debugging tools in browsers can also provide insights into the CORS issues.

Update CORS Library or Middleware:
If you are using a CORS library or middleware in your server application, make sure it is up-to-date. Check for any updates or patches that might address CORS-related issues.

Network and Firewall Configuration:
Ensure that there are no network or firewall issues preventing communication between 'auth.magic.link' and 'erpc.apothem.network/'. Confirm that the server is reachable and that there are no restrictions on cross-origin requests

Collapse
jg profile image
John Grimsey

Hey @ncode I wrote a short tooling request for RPC health monitoring:
xdc.dev/jg/tooling-request-surface...