CORS errors when trying to access binaries.solidity.org form a browser #11429
Comments
|
It's already set up to serve those headers. You can check with: curl \
--verbose \
--header "Origin: https://stackblitz.com" \
--header "Access-Control-Request-Method: GET" \
--header "Access-Control-Request-Headers: X-Requested-With" \
--request OPTIONS \
'https://binaries.soliditylang.org/linux-amd64/solc-linux-amd64-v0.7.3+commit.9bfce1f6'For reference, here are the details of our current config, including CORS: ethereum/solc-bin#47 (comment)
I tried to reproduce it but I'm having trouble getting that site to work. I chose "JavaScript - blank project" and found the console window but even with all blockers disabled and an exception for third-party cookies I'm getting an error in Firefox when I press Enter after a command in its console: BTW, it's pretty aggressive about taking over my keyboard shortcuts (e.g. Ctrl+Shift+R or Ctrl+Shift+I) which makes it pretty inconvenient to inspect what's happening. In the meantime, maybe you could give me the exact error message it's displaying and some details of the exact request it's making like headers, HTTP method, etc? |
cameel
added
solcbin
waiting for more input
|
Thanks for your answer, @cameel! It now works, I'm really confused. Maybe it was an error on their end that got fixed? If I open the console in this same page I get the same error I was getting there:
but I guess it's because of how github sets up their cors. |
|
Oh, so it's not really CORS but CSP. I.e. it's not our server not issuing a CORS header and blocking a file this way. It's rather their own server attaching a CSP header that tells the browser that they do not want any JS scripts to connect to other places ( |
|
Looking closer at that error message, they apparently allow many exceptions - connections to various github URLs and to visualstudio.com. Maybe they would be willing to make an exception for binaries.soliditylang.org too? EDIT: Just noticed that you were talking about fetching from github. So the CSP comment applies to github. With stackblitz.com, I wonder if it might have been caused for some one-off error. I'm not sure if Amazon serves CORS headers when you get a HTTP 5xx or 4xx error for example. |
|
In that case I'm closing it. Feel free to reopen if it starts happening more often, we can investigate closer then. |
|
Oh, my bad! I mixed CORS and CSP. Sorry. My guess is that they added an exception, as they were also working on getting this to work. Thanks for your quick responses! I'll let you know if I get to know how it works now. |
Description
I'm trying to get Hardhat to work with https://stackblitz.com, but it's failing to download the compilers because no CORS policy is set up in binaries.solidity.org. I don't see any drawback to setting it to
Access-Control-Allow-Origin: *Steps to Reproduce
Open your browser terminal and run
fetch("https://binaries.soliditylang.org/linux-amd64/solc-linux-amd64-v0.7.3+commit.9bfce1f6"). It will fail because of CORS.The text was updated successfully, but these errors were encountered: