Can log in on chat.openai.com, but can't log in on platform.openai.com (blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource)

Hi,

There is a bug when attempting to log in to the OpenAI Platform to manage the API.

main.623a4e67.js:2 Error: Invalid state
at e. (main.623a4e67.js:2:95920)
at main.623a4e67.js:2:8541
at Object.next (main.623a4e67.js:2:8646)
at main.623a4e67.js:2:7583
at new Promise ()
at p (main.623a4e67.js:2:7328)
at e.handleRedirectCallback (main.623a4e67.js:2:95357)
at main.623a4e67.js:2:110015
at l (main.623a4e67.js:2:1298507)
at Generator._invoke (main.623a4e67.js:2:1298295)
at Generator.next (main.623a4e67.js:2:1298936)
at r (main.623a4e67.js:2:1766630)
at s (main.623a4e67.js:2:1766833)
at main.623a4e67.js:2:1766892
at new Promise ()
at main.623a4e67.js:2:1766773
at main.623a4e67.js:2:111647
at cs (main.623a4e67.js:2:1114449)
at jc (main.623a4e67.js:2:1133338)
at t.unstable_runWithPriority (main.623a4e67.js:2:1315444)
at Wi (main.623a4e67.js:2:1076104)
at kc (main.623a4e67.js:2:1133095)
at sc (main.623a4e67.js:2:1124840)
at main.623a4e67.js:2:1076395
at t.unstable_runWithPriority (main.623a4e67.js:2:1315444)
at Wi (main.623a4e67.js:2:1076104)
at Ji (main.623a4e67.js:2:1076340)
at Yi (main.623a4e67.js:2:1076275)
at uc (main.623a4e67.js:2:1125289)
at Jc (main.623a4e67.js:2:1144156)
at t.render (main.623a4e67.js:2:1147150)
at main.623a4e67.js:2:2026261
at main.623a4e67.js:2:2028148
at main.623a4e67.js:2:2028151
(anonymous) @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
l @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
r @ main.623a4e67.js:2
c @ main.623a4e67.js:2
Promise.then (asynchrone)
r @ main.623a4e67.js:2
s @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
cs @ main.623a4e67.js:2
jc @ main.623a4e67.js:2
t.unstable_runWithPriority @ main.623a4e67.js:2
Wi @ main.623a4e67.js:2
kc @ main.623a4e67.js:2
sc @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
t.unstable_runWithPriority @ main.623a4e67.js:2
Wi @ main.623a4e67.js:2
Ji @ main.623a4e67.js:2
Yi @ main.623a4e67.js:2
uc @ main.623a4e67.js:2
Jc @ main.623a4e67.js:2
t.render @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
main.623a4e67.js:2

    GET api openai com/compliance/cookie_requirements net::ERR_FAILED

(anonymous) @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
l @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
r @ main.623a4e67.js:2
s @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
t @ main.623a4e67.js:2
value @ main.623a4e67.js:2
queryFn @ main.623a4e67.js:2
fetchFn @ main.623a4e67.js:2
t @ main.623a4e67.js:2
p @ main.623a4e67.js:2
value @ main.623a4e67.js:2
value @ main.623a4e67.js:2
value @ main.623a4e67.js:2
value @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
cs @ main.623a4e67.js:2
jc @ main.623a4e67.js:2
t.unstable_runWithPriority @ main.623a4e67.js:2
Wi @ main.623a4e67.js:2
kc @ main.623a4e67.js:2
sc @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
t.unstable_runWithPriority @ main.623a4e67.js:2
Wi @ main.623a4e67.js:2
Ji @ main.623a4e67.js:2
Yi @ main.623a4e67.js:2
uc @ main.623a4e67.js:2
Jc @ main.623a4e67.js:2
t.render @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
callback:1 Access to manifest at ‘openaiapi-site azureedge net/public-assets/d/a1e25346d2/manifest.json’ from origin ‘platform openai com’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
openaiapi-site azureedge net/public-assets/d/a1e25346d2/manifest.json:1

    GET https://openaiapi-site.azureedge.net/public-assets/d/a1e25346d2/manifest.json net::ERR_FAILED 200 (OK)

main.623a4e67.js:2

    GET api openai com/compliance/cookie_requirements net::ERR_FAILED

(anonymous) @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
l @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
r @ main.623a4e67.js:2
s @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
t @ main.623a4e67.js:2
value @ main.623a4e67.js:2
queryFn @ main.623a4e67.js:2
fetchFn @ main.623a4e67.js:2
t @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
Promise.then (asynchrone)
(anonymous) @ main.623a4e67.js:2
Promise.catch (asynchrone)
t @ main.623a4e67.js:2
p @ main.623a4e67.js:2
value @ main.623a4e67.js:2
value @ main.623a4e67.js:2
value @ main.623a4e67.js:2
value @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
cs @ main.623a4e67.js:2
jc @ main.623a4e67.js:2
t.unstable_runWithPriority @ main.623a4e67.js:2
Wi @ main.623a4e67.js:2
kc @ main.623a4e67.js:2
sc @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
t.unstable_runWithPriority @ main.623a4e67.js:2
Wi @ main.623a4e67.js:2
Ji @ main.623a4e67.js:2
Yi @ main.623a4e67.js:2
uc @ main.623a4e67.js:2
Jc @ main.623a4e67.js:2
t.render @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
Error with Permissions-Policy header: Unrecognized feature: ‘document-domain’.
main.623a4e67.js:2

    GET api openai com/compliance/cookie_requirements net::ERR_FAILED

(anonymous) @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
l @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
r @ main.623a4e67.js:2
s @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
t @ main.623a4e67.js:2
value @ main.623a4e67.js:2
queryFn @ main.623a4e67.js:2
fetchFn @ main.623a4e67.js:2
t @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
Promise.then (asynchrone)
(anonymous) @ main.623a4e67.js:2
Promise.catch (asynchrone)
t @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
Promise.then (asynchrone)
(anonymous) @ main.623a4e67.js:2
Promise.catch (asynchrone)
t @ main.623a4e67.js:2
p @ main.623a4e67.js:2
value @ main.623a4e67.js:2
value @ main.623a4e67.js:2
value @ main.623a4e67.js:2
value @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
cs @ main.623a4e67.js:2
jc @ main.623a4e67.js:2
t.unstable_runWithPriority @ main.623a4e67.js:2
Wi @ main.623a4e67.js:2
kc @ main.623a4e67.js:2
sc @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
t.unstable_runWithPriority @ main.623a4e67.js:2
Wi @ main.623a4e67.js:2
Ji @ main.623a4e67.js:2
Yi @ main.623a4e67.js:2
uc @ main.623a4e67.js:2
Jc @ main.623a4e67.js:2
t.render @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
(anonymous) @ main.623a4e67.js:2
main.623a4e67.js:2

    GET api openai com/compliance/cookie_requirements net::ERR_FAILED

All our digital assets are protected behind a VPN and firewalls.

I need to be on the VPN to have access to the data I have to feed to fine-tune a model. I also need to be on the VPN to store OpenAI responses.

I used to be able to log in to platform.openai.com even when I was on the VPN. I don’t have this bug when I connect to ChatGPT Plus.

Here is what ChatGPT proposes you do to fix this issue; it has to be done on your side. In other words, it’s a bug you can fix:

The error message you’re encountering, “has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource,” is a common issue when making requests from a web page to a different domain or origin. This error occurs due to security restrictions imposed by the same-origin policy, which is a security feature implemented by web browsers to prevent cross-origin requests that could potentially be malicious.

To fix this issue, you need to configure the server that’s hosting the requested resource to include the appropriate CORS headers in its response. Here are the steps to fix the problem:

  1. **Server-Side Configuration:** You should configure your server to include the necessary CORS headers in its responses. This is typically done by modifying the server’s response headers. You need to set the “Access-Control-Allow-Origin” header to specify which origins are allowed to access the resource. For example, if you want to allow any origin to access your resource, you can set the header like this in your server’s response:

CODE:

Access-Control-Allow-Origin: *

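If you want to allow only specific origins, replace the * with the specific origin(s) you want to permit. Note that the header carries a single origin value per response, so a server that permits several origins checks the request’s Origin header against an allow-list, returns the matching origin, and sends “Vary: Origin” so that caches do not serve one origin’s response to another.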
2. **Server-Side Configuration (Additional Headers):** Depending on your application’s requirements, you might also need to include other CORS-related headers, such as:

  • Access-Control-Allow-Methods: Specifies the HTTP methods (e.g., GET, POST, PUT, DELETE) that are allowed when accessing the resource.
  • Access-Control-Allow-Headers: Specifies the HTTP headers that are allowed in the request.
  • Access-Control-Allow-Credentials: Indicates whether credentials (e.g., cookies or HTTP authentication) can be included in the request.
  • Access-Control-Expose-Headers: Lists the HTTP headers that can be exposed to the client. You should configure these headers based on your application’s needs.
  3. **Testing:** After making the necessary changes to your server-side configuration, you should test your application again to ensure that the CORS issue has been resolved.
  4. **Client-Side Code (Optional):** In some cases, you might also need to make changes to your client-side code. For example, if you’re using JavaScript to make cross-origin requests, you can specify the withCredentials property to include credentials (e.g., cookies) in the request if your server allows it.

Here’s an example of a more complete CORS header setup in a server response:

CODE:

Access-Control-Allow-Origin: https://example.com
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: X-Custom-Header

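Be aware that allowing any origin (*) can be a security risk, so it’s usually better to specify specific origins that are allowed to access your resources. Additionally, consider the security implications of allowing credentials in cross-origin requests: browsers reject a wildcard origin combined with “Access-Control-Allow-Credentials: true”, so credentialed requests require an explicit origin, and a server that simply echoes back whatever Origin it receives, without checking it against an allow-list, is as permissive as a wildcard while also exposing credentialed responses. Always follow security best practices when configuring CORS.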