Web3auth (mumbai chain) blocked by CORS

This was working fine for the past 2 weeks and it suddenly stopped working. The web3auth modal popups up but once I click to login the console.log error appears:

Access to fetch at 'https://rpc-mumbai.maticvigil.com/' from origin 'http://localhost:3031' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

This is my code:

  const user = await Moralis.authenticate({
    provider: 'web3Auth',
    clientId: process.env.WEB3AUTH_CLIENTID,
    chainId: '0x13881',
  });

Did you try with 127.0.0.1 instead of localhost?

Yes it didn’t work with 127.0.0.1 either.
As well as my deployed app on vercel.

Is that RPC url working now?

Nope

Screen Shot 2022-05-07 at 10.41.11 AM873×189 42.7 KB

I mean if you try to use it directly as a RPC url for example to get latest block number

it looks like https://rpc-mumbai.maticvigil.com/ doesn’t work for me either when I try to use it as a RPC url

mmhh so any ideas how I can get web3auth to work then w/ mumbai?

Try using another RPC from this page on the testnet tab.

That makes sense to me however Moralis doesn’t expose the parameter to point to a different RPC in the Moralis.authenticate() function. https://rpc-mumbai.maticvigil.com/ seems to be set by default if you choose the Mumbai chain.

Screen Shot 2022-05-08 at 2.42.45 PM767×782 75.1 KB

it looks like something that web3auth provider can change

they could make an update for that

Any updates? Mine just stopped working for seemingly the same reasons…

Access to fetch at ‘https://rpc-mumbai.maticvigil.com/’ from origin ‘’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.

The problem is related to that RPC url that stopped working. We are looking to see if we can find a solution.

Thanks. I talked to tech support on web3auth side and they said the same thing. This was suggested. https://docs.web3auth.io/api-reference/web/plugnplay#example

The issue doesnt seem to be resolved. Is there any other way we are able to test moralis web3auth on mumbai chain?

A temporarily solution for your local development is to change node_modules\moralis\lib\browser\Web3Connector\Web3AuthConnector.js so it uses another RPC:

// Build config
ethChainConfig = {
  chainNamespace: 'eip155',
  chainId: (0, _verifyChainId.default)(chainId)
}; // Build Web3Auth

to:

if (chainId === '0x13881') {
  ethChainConfig = {
    chainNamespace: 'eip155',
    chainId: (0, _verifyChainId.default)(chainId),
    rpcTarget: 'https://rpc-mumbai.matic.today'
  }; // Build Web3Auth

} else {
  ethChainConfig = {
    chainNamespace: 'eip155',
    chainId: (0, _verifyChainId.default)(chainId),
  }; // Build Web3Auth
}

Thanks for your help.
But I am not sure why it is still going ‘https://rpc-mumbai.maticvigil.com/’ instead of the stated rpcTarget.
It does not seem to enter the if statement.

you changed that code directly in node modules in node_modules\moralis\lib\browser\Web3Connector\Web3AuthConnector.js ?

Make sure you restart your app server. Also that change will only work on the browser side of things.

Yes, i changed code directly in web3AuthConnector.js and restarted the app server.
Is there a way to console log so i am able to see the rpcTarget result?