CORS Error - Verification process

Hi Guys,

We are really familiar with the usage of Blockcerts verification process.

In order to be able to activate the verification we used to give CORS permissions to the Blockcerts official URL to our public key JSON file https://mydomain.com/publicKey.json in our domain and also the revokation list JSON file https://mydomain.com/revokationList.json.
Recently, we are getting the following error “Computed hash does not match remote hash” .

Checking the network logs we found that it is necessary to enable the following address as well https://mydomain.com/api/event/certificate.
Access to XMLHttpRequest at ‘https://mydomain.com/api/event/certificate’ from origin ‘https://www.blockcerts.org’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource…
Is it necessary or there is a way to tell the verifier during the issuing process to avoid the verification in that address.

Regards,

Danny S.

Make sure you have Access-Control-Allow-Origin at https://mydomain.com
I’m not 100% but I think that the “computed hash doesn’t match remote” has to do with the content of the json changing from the time it was issued.

1 Like