Cannot grab ipfs urls in js because of cross origin restrictions

Brave browser is blocking ipfs requests in my webapp because they are ‘cross-origin’. The only links I can find tell me to use a gateway, which misses the point of ipfs (nor do I want to host a gateway). JavaScript should be allowed to grab files from ipfs using just the CID URL.

Could you give more context and/or a repo showing what you’re doing? Some examples:

  1. Are you using js-kubo-rpc-client to talk to a local kubo node?
  2. Are you using helia to try and pull directly from the network into the browser? If the latter, what is your config and how is the content you’re trying to load hosted?

I’m using normal website JavaScript. I shouldn’t have to start a node, because if the client is using Brave then there is already a local node. I should be able to grab files off ipfs as long as I have a CID, using Brave’s local node, for example an image file or a text file, and be able to present it with JavaScript, but I can’t even make an image file with ipfs as source because it just triggers the cross-origin restriction:

const imgFile = document.createElement('img');
imgFile.src = `http://127.0.0.1/ipfs/${CID}`;

gives ‘response was blocked by corb’

const imgFile = document.createElement('img');
imgFile.src = `ipfs://${CID}`;

gives net::ERR_BLOCKED_BY_CLIENT

What I need is some kind of nonshit browser where we can load files from ipfs without this cross-origin stuff. I can’t even disable it or use dev mode or anything.

I managed to load images finally. The trick was to put the website itself into ipfs; from there, imgFile.src = `ipfs://${CID}`; works.

(http://127.0.0.1/ or /ipfs.io/ipfs/${CID} do not work, for the record; it needs to be ipfs://${CID})

It seems like a silly distinction, since a file from a CID is still a file from a CID regardless of its being requested by the client on a normal website, or being run locally from the .html, or run from another CID file, but I guess the browser guys are OK with a CID website loading other CIDs, just not a hosted website loading CIDs. It’s probably for the best, since the website ought to be decentralised itself anyway. I would just recommend it was clearer, as putting the website into CID form means extra steps which people are not necessarily doing during testing, so they might not realise.