Is there an esplora instance out there which allows any origin to load it (CORS rules)? blockstream.info doesn't allow * (which means it is denied by browsers by default).
Alternatively, if anyone knows anyone at blockstream.info who would add a "Access-Control-Allow-Origin: *" header to the /api/address endpoints, that would be amazing.
why not use a browser extension to selectively ignore CORS, or make the calls via CLI bypassing ?
I want it to be easy for people to use the store. To me, this means no installing extensions to bypass browser security features or running commands and pasting the output into the browser.
Using an extension for development is a good idea though, as it will allow me to confirm that the change I am requesting will really solve my specific problem. Plus it's a reasonable short term workaround until a propernfix is in place.
Do you have one you'd recommend for this?
Its been a few years since i last used an extension for this. The Allow CORS extension is nice because icon changes to visually reflect when its in use or not. Should be available on Chrome and Firefox.
Depending on your project it may also be feasible to setup a proxy to blockstream when serving the domain as then you can manipulate headers being sent to the client.
Or you may want to consider using an alternative api provider altogether such as blockcypher.com/dev/bitcoin/?javascript#address-api (ive not used this one and rate limits for free usage are 3/sec or 100/hr)
Allow CORS seems to work in Chromium, but now I've discovered that sometimes blockstream.info gives 403 errors to Tor users. 😒
When I tried to navigate to the docs for blockcypher.com, the first thing I saw was cloudflare judging me for using Tor, so I am not optimistic there either. 🫤
But it seems like it is still worth trying. Maybe the only want to give privacy advocates a hard time for reading the documentation, but not for using their API. 🤷♂️
In any case, clearly improving error handling is in order!
Ah, I figured out what's going on here. Blockstream.info omits the CORS header for Tor users... sometimes.
This is most unfortunate. Time to switch providers to someone who is more reliable and privacy friendly.
