CORS policy error

Since recently seems Aeternity API has introduced a CORS policy that is causing us errors, ie:
Access to XMLHttpRequest at ‘https://sdk-testnet.aepps.com/v2/key-blocks/current’ from origin ‘https://app.dev.cryptotask.org’ has been blocked by CORS policy: The ‘Access-Control-Allow-Origin’ header has a value ‘https://base.aepps.com’ that is not equal to the supplied origin.

What is the reason for allowing only that origin, it means no one is able to test code without hosting their own full node?

1 Like

Of course you should be able to test code with other nodes. The SDK is also using the aeternal.io node and middleware as a standard setting. I’m not sure what causes this problem but I’ve forwarded your question. Thanks for asking!

1 Like

It should be fixed, see SDK-Testnet CORS Error

Sorry for the long delay, I’m sure we’ll start processing similar issues much faster very soon.

1 Like

Hey, any updates on that issue?

The same issue is observed for https://compiler.aepps.com/encode-calldata

Could you please report that issue in the compiler repo, so we don’t forgot about it.

No progress so far as i’m busy with services migration so far.

Any chance for an estimation? Also if we build our own aeternal and compiler are we going to observe the same behavior?

No, this depends on your reverse proxy configuration

I’ve temporary disabled the edge caches, and the fix on its way.

however, it has to be released, then deployed etc.

2 Likes

I am using online IDEs and seems both are having issues with CORS trying to reach remote compiler:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://latest.compiler.aepps.com/decode-call-result. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

Compiler has been updated to 4.2.1

$ curl https://compiler.aepps.com/api-version -H "Sophia-Compiler-Version: 4.2.0"
{"api-version":"4.2.1"}

Also latest point to that version as well:

$ curl https://latest.compiler.aepps.com/api-version
{"api-version":"4.2.1"}

Please note I’m using the api-version above as the sophia compiler version is the same (4.2.0) as it hasn’t been updated in this API bugfix release.

$ curl https://latest.compiler.aepps.com/version
{"version":"4.2.0"}

cc @hanssv.chain

To be fair it is the same compiler, so just bumping the API-version sounds right.

That was my point, thanks

1 Like

@DinchoTodorov.chain I’m still getting the same CORS error with both IDEs

Maybe you should provide more details.

@DinchoTodorov.chain sure
So compiling and testing at https://contracts.aepps.com/#/

contract MapTest =

record state = { tMap : map(int, int) }

stateful entrypoint init() = { tMap = {} }

entrypoint getMapPositive(index: int) =
state.tMap[index = 5]

entrypoint getMapNegative(index: int) =
state.tMap[index = -5]

The weird thing is that getMapPositive(8) returns 5 as expected, but getMapNegative(8) returns: Unknown error and in the browser console I get:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://latest.compiler.aepps.com/decode-call-result. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

@DinchoTodorov.chain is this going to be resolved?

I’m looking into it right now, looks like HTTP compiler issue to me that throws 500 error, not directly related to CORS.

See https://github.com/aeternity/aesophia_http/issues/59

thanks! :slight_smile: i will use my local full node in the meantime, just for the community in general i think it is very useful that online IDE works properly, as people can start experimenting with sophia right away ^^

There is no doubt that we should have easy to use tools (and properly working) to onboard new developers

Hey, this nasty issue makes me wanna cry already @DinchoTodorov.chain

Access to XMLHttpRequest at 'https://compiler.aepps.com/decode-call-result' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.