Hi,
Iām using JS Moralis lib and I have a problem with CORS on Firefox. I guess the problem is that the response from Moralis API is missing āuser-agentā in the header āaccess-control-allow-headersā.
Situation:
In JS is request to API: āMoralis.Web3API.account.getNFTsForContract(options).then(ā¦)ā. On Chrome/Brave it works correctly, but on Firefox I receive error:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://pbptck3qh01u.usemoralis.com:2053/server/functions/getPluginSpecs. (Reason: header āuser-agentā is not allowed according to header āAccess-Control-Allow-Headersā from CORS preflight response).
I guess itās because Chrome is depreciating āuser-agentā header at all, but Firefox does not.
Versions:
Tested on: Windows and Linux on FF 96.0+.
Moralis Server v: 0.0.338 & 0.0.331
JS node_modules/moralis: v1.2.4 and v1.1.0
Firefox REQUEST:
OPTIONS /server/functions/getPluginSpecs HTTP/2
Host: pbptck3qh01u.usemoralis.com:2053
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: user-agent
Referer: https://...
Origin: https://...
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
Received RESPONSE:
HTTP/2 200 OK
date: Wed, 02 Feb 2022 23:20:12 GMT
content-type: text/plain; charset=utf-8
content-length: 2
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
access-control-allow-headers: X-Parse-Master-Key, X-Parse-REST-API-Key, X-Parse-Javascript-Key, X-Parse-Application-Id, X-Parse-Client-Version, X-Parse-Session-Token, X-Requested-With, X-Parse-Revocable-Session, X-Parse-Request-Id, Content-Type, Pragma, Cache-Control, X-Parse-Installation-Id
access-control-expose-headers: X-Parse-Job-Status-Id, X-Parse-Push-Status-Id
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6d7726113ede9a8c-MFE
X-Firefox-Spdy: h2