Alchemy Documentation
WebsiteRoadmapDashboard
Search…
👋
Welcome to Alchemy
🚀
Introduction
Why Use Alchemy?
Getting Started
Core Products
Contributing to these Docs
Referral Program
Web3 University
Road To Web3
SDK
Alchemy SDK QuickStart
Enhanced APIs
Enhanced APIs Overview
NFT API
Transfers API (Tx History)
Transaction Receipts API
Token API
Notify API
Debug API
Trace API
Subscription API (WebSockets)
Unstoppable Domains APIs
Chain APIs
Ethereum API
Polygon API
Arbitrum API
Optimism API
Solana API
Flow Docs
Crypto.org Docs
Feature Support By Chain
📖
Documentation
Best Practices When Using Alchemy
Changelog
Alchemy Web3.js
Error Reference
Compute Units (CUs)
Throughput (Rate Limits)
Gas Limits for eth_call and eth_estimateGas
Batch Requests
🎓
Road to Web3
Welcome to the Road to Web3
Important Info
Weekly Hackathons
Weekly Learning Challenges
💻
Tutorials
Hello World Smart Contract
How to Code and Deploy a Polygon Smart Contract
How to Create an NFT Tutorial
How to Build an NFT Marketplace in 2 hours
NFT Minter Tutorial: How to Create a Full Stack DApp
How to Create an ERC-20 Token (4 Steps)
Integrating Historical Transaction Data into your dApp
How to Track Mined and Pending Ethereum Transactions
Arbitrum NFTs: Creating and Deploying ERC-721
How to Send a Private Transaction on Ethereum
📜
Guides
The Merge
How to Fork Ethereum Mainnet
How to Set Up Core Web3 Developer Tools
EIP-1559 Resource and Tutorial Hub
Dashboard Walkthrough
Understanding Ethereum Logs
Deep Dive into eth_getLogs
How to Add Alchemy RPC Endpoints to Metamask
Alchemy Set-up for Macs
Choosing a Web3 Network
Running an Eth2.0 Staking Node or Validator with Alchemy
Internal Playbook: Upgrading Ethereum Nodes
Debugging CORS problems for end-users
How to interpret binaries in Solidity
How to Verify a Message Signature on Ethereum
Ethereum Transactions - Pending, Mined, Dropped & Replaced
How to Enable Compression to Speed Up JSON-RPC Blockchain Requests
📚
Resources
FAQ
Support
Blockchain 101
Web3 Glossary
Powered By GitBook
Debugging CORS problems for end-users
If your users are experiencing CORS issues here's how to debug them

Overview

CORS issues happen when the browser does not trust the endpoint that it is trying to reach. In order to allow calls from the browser to the Alchemy endpoint to succeed, we include specific CORS headers in our API response. The problem described here occurs when something about the user's internet, browser, extensions, installed applications, etc hinders the proper interpretation of those headers.

Examples

Here are some samples of what a CORS problem might look like for your users. Always encourage them to send screenshots or copy-paste snippets of their browser console.

Some causes and fixes

As mentioned above, any hindrance in the request lifecycle before reaching Alchemy servers can cause this problem. Here are a few of the root causes we have identified in the past and how to resolve them:

The user has an antivirus such as Bitdefender installed

Bitdefender, Brave Shields, and other antivirus softwares can be installed on the OS or as a browser extension. There are multiple ways that an endpoint can be blocked by an antivirus:
  • The endpoint may be categorized under "banking", which might have additional restrictions configured in the antivirus settings.
  • The user may have parental controls restricting their web access.
  • The endpoint may be on a global blacklist (unlikely).
In each of these cases the resolution is to add the blocked endpoint to the exceptions list, or whitelist of the antivirus. The user may need to add multiple endpoints and potentially a wildcard for the entire https://alchemy.com and https://alchemyapi.io domains.
If adding an exclusion doesn't help, then try turning off the Bitdefender "protection shield" altogether. If the antivirus is not Bitdefender, then turn off whichever antivirus the user as installed.

The user's ISP or router is blocking the website

Sometimes an ISP or router will block a site based on DNS. First ask the user to navigate directly directly to https://www.alchemy.com/ and https://www.alchemyapi.io. If they are unable to access the websites then they might be getting DNS blocked. To confirm this is the case, switch the user to a VPN and see if they can access the websites and if the CORS issue persists. A longer term resolution is to recommend an open DNS provider.

Your application uses a browser extension (unlikely)

Google Chrome released an update in September 2020 that makes it much more difficult for Chrome extensions to make cross-domain requests. If your application depends on a Chrome extension then this could be the problem.

Submitting a persistent problem

If none of the causes and fixes above are helping then please loop us in! You can reach out to us on discord anytime and we will get an engineer to help. Some information that will be useful to gather beforehand:
  • User's computer manufacturer.
  • Operating system and version.
  • What browser they are using and version of that browser.
  • Antivirus softwares installed, if any.
  • If the user navigates directly to https://www.alchemy.com/ or https://www.alchemyapi.io do are they able to view the website?
  • What country is the user located in?
  • What mitigations the user may have tried so far.
    • Using a different browser.
    • Using a different computer.
    • Using a different internet connection.
    • Clearing the browser cache.
    • Restarting the computer.
This information is not required, but it will help us get a better handle on the issue.

Setting up a CORS proxy

If you are experiencing more widespread problems with CORS, e.g. not just with Alchemy, then you might want to set up a CORS proxy. This means all of your end-users will talk directly to your own domain and therefore CORS issues are impossible. Then in your own back-end you will call Alchemy endpoints and send the responses back to your end-users. This is a more difficult, but also guaranteed longer-term solution to CORS problems.
Guides - Previous
Internal Playbook: Upgrading Ethereum Nodes
Next - Guides
How to interpret binaries in Solidity
Last modified 6mo ago
Copy link
Contents
Overview
Examples
Some causes and fixes
The user has an antivirus such as Bitdefender installed
The user's ISP or router is blocking the website
Your application uses a browser extension (unlikely)
Submitting a persistent problem
Setting up a CORS proxy