Requests to https://api.amplitude.com/ being blocked by CORS policy

Hello!

We’ve recently come across an issue with missing event data from a large group of our users.

One of our users agreed to record a HAR file of their browser session for us to investigate and it shows that requests to Amplitude are being blocked by CORS policy.

Here is a bunch of requests to Amplitude from the user’s browser session log, all - without a response from the server.

The encountered error, according to the user’s Console log, is:

Access to XMLHttpRequest at 'https://api.amplitude.com/' from origin 'https://lm.rt.ru' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

api.amplitude.com/:1 Failed to load resource: net::ERR_FAILED

The user is using desktop Chrome 93.0.4577.82 browser on Microsoft Windows 10.0 and a VPN tool to connect to our resource.

We were not able to reproduce the same error with the missing Access-Control-Allow-Origin header under similar surroundings (OS, browser and VPN tool). We are using Amplitude’s Javascript SDK.

Any ideas on how this can be fixed? We would really appreciate any help, since we are now having inconsistent event data in Amplitude charts.

Page 1 / 1

Hi @Kseniya Sinyakova ,

Thanks for writing into Amplitude Community! Happy to help.

So I do believe the client’s VPN is a big issue here. Sometimes Amplitude can be blocked by certain VPNs, it is not consistent. Which I assume why you were not able to reproduce it. Did you ask the client to turn off their VPN and then try to send the events again?

I know you are using the JS SDK. Which version? Did you update to the latest version available? Do you have any of the user payloads of the data that was sent and missed? Including the time, event name, platform, city, device faily, user id etc?

Did you also debug using the Amplitude Instrumentation Explorer? It’s very handy for debugging websites as you can see the events fire and being tracked in real-time.

I do think the VPN issue is the real culprit here. Would you be so kind as to ask them to disable it and then see if the requests are still being blocked? Updating to the latest JS SDK on top of that. Then we can move from there.

Kind Regards,
Denis

Hi Denis,

Thanks for your reply and advice! We’ll investigate with the VPN turned off and I’ll post an update here.

Hi @Denis Holmes,

I am facing the same issue when I tried to fetch(url,options) GET request to the chart API. It is working just fine in Postman but in the browser I get a CORS error the same one which is mentioned in the original post. Also I get a 401 status code with an ‘opaque’ response type .

I tried with my VPN disabled as well.

Can you help me on this?

Thanks

Hi @rohitashtekar ,

Did you make sure to turn off all VPNs or Ad blockers as mentioned above? Did you use the function in Postman to get the code for your call? You can get the code snippet by clicking on the </> code button to the right of the call like below.

Did you also try it on different networks to see? If you want to PM me the chart link and a screenshot of your Postman, I can look into this further for you. Thank you!

Hi @Denis Holmes ,

Thanks a lot for the quick response.
Yes, VPNs and AdBlockers are disabled in my browser. Yes I used the same code snippet to carry out fetch, also tried with a different network yet got the same result.

Sure, I will PM you the details. It’ll be of great help if you look further into it.

Thank you.

Hi @rohitashtekar ,

Can you PM me the link to the chart if you don’t mind? I see the API URL in your PM you were using above but if you can link me the analytics.amplitude.com chart, that would be great, thank you! I will be able to access it on my end. Thanks!

Hi @Denis Holmes ,

Yes, sure. I have put a PM to you along with the chart link.

Thank you

Hi @rohitashtekar ,

I have sent you a PM with the JS Code for the call but want to put my postman call here too! PM Me if you are still having issues, thank you!

Hi @Denis Holmes ,

These are the response headers I got with the latest code you told to check with.

Thank you

Hi @Denis Holmes ,

These are the screenshots for Request Headers and the Network requests using JavaScript.

Thank you.

Hi @Denis Holmes ,

This is the error I got on fetch after including the Header you mentioned.

Thank you.

Hi @Denis Holmes ,

The screenshot above contains the code that is missing from the function code that I sent you.

Thank you.

Thank you @rohitashtekar

@Denis Holmes is there is solution to this? I am getting the same CORS error when fetching https://amplitude.com/api/2/users?start=20230201&end=20230210. The request responds with a 200 in postman but I keep getting a CORS error when I make the request with JS.

No I am not using a VPN and I disabled all of my browser extensions.

Thanks!

This is the JS i’m using to make the request sans auth header.

var myHeaders = new Headers();
    myHeaders.append("Authorization", "Basic ...");

    var requestOptions = {
      method: 'GET',
      headers: myHeaders,
      redirect: 'follow'
    };

    fetch("https://amplitude.com/api/2/users?start=20230201&end=20230210", requestOptions)
      .then(response => response.text())
      .then(result => console.log(result))
      .catch(error => console.log('error', error));

Hi @Luke Waldner ,

Can you submit this as a new community question with your details above along with your Org ID and Project ID? Someone from the team will pick it up then. It seems I never got a response. @rohitashtekar Were you eventually able to clear this up? Thank you!

Kind Regards,
Denis

Reply

Recent Tips & Tricks

Reply

Recent Tips & Tricks

Welcome to the Amplitude Community!

If you're a current customer, select the domain you use to sign in with Amplitude.

Welcome to the Amplitude Community!

If you're a current customer, select the domain you use to sign in with Amplitude.

Scanning file for viruses.

This file cannot be downloaded