
[API/SDK & CORS POLICY] #12810

@YOLO-SNIPES

Issue: CORS policy prevents Audius SDK usage from localhost during development
Title: CORS Issue: Audius SDK Fails to Fetch Data from localhost in a Development Environment

Description: When developing a web application locally that uses the Audius JavaScript SDK, all API requests made by the SDK fail due to Cross-Origin Resource Sharing (CORS) errors. The API server returns a 403 Forbidden status, which prevents the browser from completing the request. This makes it impossible to develop and test applications that rely on the SDK on a local machine (e.g., from http://localhost:8000).

Steps to Reproduce:

1. Create a basic index.html file that includes the Audius SDK and web3.js via the CDN script tags as recommended in the official documentation.
2. Create an app.js file that initializes the SDK with a valid API key.
3. In app.js, attempt to fetch any public data using an SDK method, for example: audiusSdk.playlists.getPlaylist({ playlistId: 'WVJWo9' }).
4. Serve these files using any standard local web server (e.g., python -m http.server 8000).
5. Open the page in a web browser (like Chrome or Firefox) and view the developer console.

Expected Behavior: The Audius SDK should successfully fetch the requested data from the API without any CORS errors, allowing developers to build and test their applications on a local environment.

Actual Behavior: The fetch request made by the SDK fails. The browser's developer console shows a TypeError: Failed to fetch error. Inspecting the Network tab reveals that the request to the Audius API endpoint (e.g., https://discoveryprovider2.audius.co/...) receives a 403 Forbidden response, which is a result of the server's CORS policy blocking the request from the http://localhost:8000 origin.

Environment:

OS: Linux (Sandboxed Environment)
Server: Python's built-in http.server
Browser: Chromium (via Playwright automation, which reflects standard browser behavior)
SDK: Loaded via CDN (https://cdn.jsdelivr.net/npm/@audius/sdk@latest/dist/sdk.min.js)

Suggested Solution: To improve the developer experience, please consider updating the CORS policy on the Audius API discovery providers. Adding common development origins like http://localhost:3000, http://localhost:8000, and http://127.0.0.1:* to the Access-Control-Allow-Origin response header would resolve this issue and allow developers to build amazing things with your SDK more easily.
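
An added example, not part of the original issue and not Audius code: the Access-Control-Allow-Origin header carries a single origin or `*`, so serving several development origins means validating the request's Origin and echoing it back. The JavaScript sketch below does that; `EXACT_ORIGINS`, `allowLoopback` and `https://app.example` are assumptions made for illustration.

```javascript
// Added example: hypothetical server-side origin check (not the Audius implementation).
const EXACT_ORIGINS = new Set(['https://app.example']); // constructed production origin
const LOOPBACK_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);

// Returns true only for an exact allowlisted origin or, when allowLoopback is
// set (development or staging deployments), an http loopback origin on any port.
function isAllowedOrigin(origin, { allowLoopback = false } = {}) {
  if (typeof origin !== 'string' || origin === 'null') return false;
  let url;
  try {
    url = new URL(origin);
  } catch {
    return false; // not a URL at all, e.g. a literal "http://127.0.0.1:*"
  }
  // An Origin header is scheme://host[:port] and nothing else. Requiring an
  // exact round-trip rejects paths, userinfo and non-normalized spellings.
  if (url.origin !== origin) return false;
  if (EXACT_ORIGINS.has(origin)) return true;
  // Compare the parsed hostname, never a string prefix, so that
  // "http://localhost.evil.example" does not pass as localhost.
  return allowLoopback && url.protocol === 'http:' && LOOPBACK_HOSTS.has(url.hostname);
}

// Builds the CORS response headers for one request.
function corsHeaders(requestOrigin, opts) {
  // Vary: Origin is always set so a shared cache never replays a response
  // that was built for a different origin.
  const headers = { Vary: 'Origin' };
  if (isAllowedOrigin(requestOrigin, opts)) {
    headers['Access-Control-Allow-Origin'] = requestOrigin; // echo the validated origin
  }
  return headers;
}

// Constructed sample Origin values, checked with the development flag on.
for (const o of ['http://localhost:8000', 'http://127.0.0.1:3000',
                 'http://localhost.evil.example:8000', 'http://127.0.0.1:*']) {
  console.log(o, '->', JSON.stringify(corsHeaders(o, { allowLoopback: true })));
}
```
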
