Android: JSON RPC error on opensea item

[ibrahimtaveras00]

This happens on Android only. There are some listings on opensea that show an error "Invalid JSON RPC response" such as this one = https://opensea.io/assets/0x4d3814d4da8083b41861dec2f45b4840e8b72d68/5583 thus making the buy now/make offer cta's non-selectable

Seen here = http://recordit.co/lk1gnjaljX

Also, when I do reload and have the option to tap either CTA, tapping it does nothing; = http://recordit.co/0tdDAQmA57

@omnat also had the same issue:

Steps to reproduce:

1. Open MetaMask mobile on an Android device (not sure this issue affects all Android devices).
2. Navigate to https://opensea.io/account.
3. Tap an NFT.
4. Tap Sell.
5. Tap Post You Listing

Expected behavior is that you’ll see something like this:

[rekmarks]

In my own testing, confirmed that this works on iOS and fails as described above with Android on latest develop. I believe I have found the issue. Several errors are thrown in the console on iOS, but in Android we see these HTTP-related errors, followed by a JSON RPC error (that's IMO probably not thrown by our code):

We can surmise that the iOS and Android browsers have different access control settings. I'm going to see what I can find, and reach out to the OpenSea team if all else fails.

Edit: This may just be a problem with React Native WebView and Android, and not specific to Ethereum or our implementation. See: https://stackoverflow.com/questions/11318703/access-control-allow-origin-error-at-android-4-1

Edit2: The above link is talking about making changes in the Java files of the project, however.

Edit3: More links. This is a security-sensitive issue, and we have to be careful about how we solve it:

• https://stackoverflow.com/questions/22479677/android-webview-access-control-allow-origin
• https://security.stackexchange.com/questions/43639/why-is-the-access-control-allow-origin-header-necessary
• https://hackernoon.com/a-practical-solution-for-cors-cross-origin-resource-sharing-issues-in-ionic-3-and-cordova-2112fc282664

Edit4: I think this is the API that's returning an invalid JSON RPC response: https://docs.alchemyapi.io/docs/alchemy-api-reference

[benjlevesque]

I'm getting HTTP POST calls blocked due to a CORS policy: missing No 'Access-Control-Allow-Origin' header is present on the requested resource. My API, however, has this header corretly set.

Using chrome debugger, I can see that the response of the OPTIONS call to my api contains no CORS header, but this instead: Client-Via: shouldInterceptRequest, which seems to be related to React Native WebView on Android, as mentionned by @rekmarks .

Is this the same issue mentionned here? will it fixed by #1427?
In the meantime, is there a way to disable this?

[fess-v]

I have the same issue with firebase firestore requests Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Requests are working correctly in all browsers (Chrome, Mozilla, iOS Safari), except Metamask android browser.