We are experiencing the same error on our side when using the authorization header. Along with this dummy trash talk with community support staff, could we get some developers to look into this issue? It’s a core requirement for using your IPFS service from browsers. Not everyone uses this from the backend side. How can this encourage anyone to use your IPFS service if nobody is even trying to fix this configuration issue?
2 Likes
Hi, I pasted this from my browser, it is my exact error i see in the console when calling using my frontend application.
Hello,
I’m also seeing the same CORS error when I upload from a browser, even when I use a proper project ID (no secret) and have configured the origins from the settings page.
1 Like
I’m also seeing this
1 Like
We are currently working on figuring out what is going on with this issue. We will provide an update as soon as we have one.
1 Like
Hi all,
We are working on a more permanent fix to this issue, but for now, the best workaround is to specify the fetch-mode as no-cors as in the below example:
fetch(fullEndpoint, {
method: 'POST',
headers: {
'Authorization': 'Basic <YOUR_AUTH_KEY>',
},
mode: 'no-cors',
body: formData
}).then(response => {
console.log(response.status)
})
Alternatively, you can try to host a nodejs server that proxies those requests and that should bypass this issue.
Again, we are working on a more permanent fix, but this should work in the meantime to get things back up and running.
Thanks @Leiya_Kenney,
I managed to get a 200 response after using fetch to do a pin to infura IPFS, however nothing has shown up in my Infura dashboard?
It has been 10 minutes, is there a latency before it should show up?
to follow that up this is the response i get back from the pin, i see a 200 in network tab but this in console:
Response {type: "opaque", url: "", redirected: false, status: 0, ok: false,}
Hey! What is the fullEndpoint URL in your example code? I’m used to using ipfsClient.create({ url: ... }) so not sure what you mean.
I’m also seeing a similar response and a 403 forbidden using https://ipfs.infura.io:5001/api/v0.
Hey @garygeorge - yes, there is a slight latency between when the call is made and when it shows up in the dashboard.
Hey @andrew! When you’re getting the 403 forbidden, are you including the /add anywhere to clarify that you’re adding a file?
Hi
Nothing has shown up in my dashboard and it’s been a few days now
Has anyone here been able to successfully pin a file using either fetch or the Ipfs http client using the infura API credentials?
I’m Starting to lose hope
Hi @Leiya_Kenney, related question… is it secure to call Infura’s ipfs api this way from a browser client? It seems like calling the api this way leaks your project secret key.
To clarify, I’m referring to running code like this in a browser:
const { create } = require('ipfs-http-client')
const projectId = <project_id>
const projectSecret = <project_secret>
const auth =
'Basic ' + Buffer.from(projectId + ':' + projectSecret).toString('base64')
const client = create({
host: 'ipfs.infura.io',
port: 5001,
protocol: 'https',
headers: {
authorization: auth
}
})Thanks for helping! Running:
const res = await fetch('https://ipfs.infura.io:5001/api/v0/add', {
method: 'POST',
headers: {
'Authorization': 'Basic <client id>',
},
mode: 'no-cors',
body: data
})
Seems to fail with a 400 bad request.
Hi @newbyca, and welcome to the Infura community! You can keep your project secret/key from being leaked by storing them in something like a .env file, but you are correct in that this workaround is not quite as secure as the original. However, this workaround is the best way forward we have been able to find so far.
Any idea if some sort of backend authentication flow will be supported or generation of a one time upload url?
For example, in S3 you can upload files from a frontend on a url that is generated/signed on the backend, so the secret is not needed in frontend.
Also, what is wrong if I just use the endpoint unauthenticated?Will Infura stop this from working at some point?
@Leiya_Kenney - I also am unable to use the ipfs-http-client to add and pin a file to my IPFS infura project, using the project id and project secret. I receive the same error as others re: cross origin. It’s been almost a month! What is the status?
Hi @raresserban96, and welcome to the Infura community! Yes, we will be deprecating the unauthenticated endpoint in the future. Since we are still in Beta mode for this, you can still use it unauthenticated, but that will be deprecated. We will, however, post on the community with our planned deprecation date so you know it’s coming.
Hi @mark008000e, and welcome to the Infura community!
If you’re running into that error, you can use the code outlined in this comment as a workaround for now. Our engineers are working to figure out the root cause and to fix the issue, but for now, the workaround is the best option for getting your code up and running.
Hey, thank you for your answer.
Will there be supported for Presigned URLs, similar to how AWS S3 works?
https://docs.aws.amazon.com/AmazonS3/latest/userguide/PresignedUrlUploadObject.html
So I can generate a url for uploading files on the backend that is valid only one time, and share that to the frontend, so I don’t need to have the credentials exposed in frontend.
Also getting 400 error using the solution provided. Gonna check out Pinata its a shame I really wanted to use Infura.