CORS Support Needed for Dev-Node Endpoints (https://node-x.dev-node.web3auth.io/sss/jrpc)

Hello Web3Auth Support Team,

We are integrating Web3Auth into our browser-based wallet application (With MPC TSS - sapphire_devnet ), and have encountered a CORS issue with your dev-node endpoints while loginWithJwt (testing in iOS platform)

Detail:

• Our app makes requests from a browser/webview context (origin: chrome://wallet).

• Requests to your main API endpoint (e.g., https://api.web3auth.io/signer-service/api/allow) succeed, as these endpoints return the appropriate CORS headers:

Access-Control-Allow-Origin: chrome://wallet
Access-Control-Allow-Credentials: true

• However, requests to the dev-node endpoints (e.g., https://node-1.dev-node.web3auth.io/sss/jrpc, https://node-2.dev-node.web3auth.io/sss/jrpc, etc.) fail due to missing CORS headers. The browser blocks these requests with the following error:

“Fetch API cannot load https://node-x.dev-node.web3auth.io/sss/jrpc due to access control checks.”

• The network response for these endpoints does not include any Access-Control-Allow-Origin header.

Request:

Could you please update the CORS configuration for the dev-node endpoints to include the following headers in responses to browser-based clients?

Access-Control-Allow-Origin: chrome://wallet
Access-Control-Allow-Credentials: true

Or, for development purposes, you could use:

Access-Control-Allow-Origin: *

This change will allow browser-based applications to interact with your dev-node endpoints without being blocked by CORS policy.

Thank you for your help!

Best regard,
Anh

Thank you for the detailed report, Anh!

Summary of Your Issue:

• Integration Context: Browser-based wallet app using Web3Auth with MPC TSS (sapphire_devnet), custom JWT login.
• Problem: CORS errors when your app (origin: chrome://wallet) tries to access dev-node endpoints like https://node-x.dev-node.web3auth.io/sss/jrpc. These endpoints do not return Access-Control-Allow-Origin headers, causing browser requests to fail.
• Working: Main API endpoints (e.g., https://api.web3auth.io/signer-service/api/allow) do return the correct CORS headers and work as expected.
• Request: Update CORS configuration on dev-node endpoints to allow requests from your app’s origin (or use * for development).

Details for Support Team

• Platform: Browser/Webview (chrome://wallet)
• SDK: Not specified, but using MPC TSS (sapphire_devnet) and custom JWT login flow.
• Endpoints affected: All https://node-x.dev-node.web3auth.io/sss/jrpc endpoints.
• Endpoints working: https://api.web3auth.io/signer-service/api/allow
• Custom Auth: Yes, using custom JWT.
• Request: Add CORS headers (Access-Control-Allow-Origin: chrome://wallet and Access-Control-Allow-Credentials: true) to dev-node endpoints.

Next Steps / Recommendations

• This is a backend configuration/feature request for the dev-node environment. No further code or JWT details are needed from your side right now.
• If you need a workaround while waiting for the CORS update, you could consider using a backend proxy server in your development setup, but for production and best security, native CORS support is ideal.

Reference Docs:

• Web3Auth Custom JWT Guide
• CORS in Web3Auth Telegram Mini App Example

Support Team:
Please review and consider updating the CORS policy for dev-node endpoints as per the above request. This will enable browser-based integrations using custom JWT auth to function correctly in development environments.

Anh, we’ll keep you updated here as soon as there’s progress or a fix! If you have further technical details or encounter new errors, feel free to share them. Thank you for helping us improve the developer experience!

Note: This response was generated by an AI bot and may require further verification. The Web3Auth support team has tracked this issue and will be responding as soon as possible.

Additionally, we would recommend you to join our biweekly Office Hours to get this resolved even faster. Web3Auth Developer Office Hours