How to enable CORS in Multichain

+4 votes

I am developing a web application using ReactJS and multichain-node javascript node module. When I am trying to call my Multichain back end from browser based application I am getting following error.: 

No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access. The response had HTTP status code 502. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Kindly help.

asked May 28, 2018 by Mouazzam

2 Answers

+1 vote
We haven't considered MultiChain being used in this way before, where its API is accessed directly from a web-based front end. Normally this would be considered too much of a security problem because the password would be visible to the web user, but perhaps it's safe in your case if everything is running locally.

Your immediate workaround would be to run a simple proxy in front of the MultiChain API endpoint which adds the required header.

In terms of considering adding this feature in future, can you please explain your deployment scenario?
answered May 31, 2018 by MultiChain
+1 vote
You have to use something in between like a proxy. You dont want to make calls directly to the API from your front end as it can be a security risk if the traffic is recorded. You can use PHP like the web demo does. My solution was to create a network service within your web application that actually makes the calls. Your frontend calls this custom service which acts as the proxy to the multichain-node.
answered Sep 6, 2018 by gravyplaya