Klever Web SDK ESM blocked by CORS — we’re self-hosting now. Did the CDN/config change?

Hi Klever team,

we’ve been loading the ESM build of the Klever Web SDK from sdk.kleverscan.org for a while. Starting today, browsers began blocking it with a CORS error, even though nothing changed on our side.

Our site (origin): https://playklever.games
SDK URL (previously): https://sdk.kleverscan.org/kleverchain-sdk-web-esm-1-0-x.js

Errors we see
Access to script at ‘``https://sdk.kleverscan.org/kleverchain-sdk-web-esm-1-0-x.js’
from origin ‘``https://playklever.games``’ has been blocked by CORS policy:
No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

and:

GET ``https://sdk.kleverscan.org/kleverchain-sdk-web-esm-1-0-x.js`` net::ERR_FAILED 200 (OK)

DevTools details

  • Script is loaded as ES module (type="module") → fetched in CORS mode.

  • Response is 200 OK, Content-Type: application/javascript.

  • No Access-Control-Allow-Origin header on the response (and none on redirect hops).

  • Result: browsers drop the response post-fetch.

To keep production stable, we’ve switched to self-hosting the file under our own domain (same-origin), i.e.:

import { web } from ‘/vendor/klever/kleverchain-sdk-web-esm-1-0-x.js’;

Questions:

  1. Did you change CDN/headers or caching rules on sdk.kleverscan.org for the ESM build?

  2. Is there an official, stable distribution path (CDN or npm) you recommend for the web ESM build?

  3. Could you restore/add the required CORS headers (at least Access-Control-Allow-Origin: * or per-origin) so cross-origin module loading works again?

  4. Do you provide versioning, changelogs, and checksums (e.g., semver tags, release notes, SHA256) so we can safely self-host and know when updates happen?

  5. Is there a preferred import (package name + entry file) we should use if we migrate to npm bundling?

What we need for reliability

  • A stable URL or npm package entry for the web ESM build.

  • Correct CORS headers on CDN responses for ESM usage.

  • Changelog & versioning so we can decide when to update our self-hosted copy.

Happy to provide full header screenshots or a minimal repro if needed. Thanks in advance for clarifying!

Greetings
Andreas

1 Like

Hello @Andreas_Hennersdorf!

Regarding the CORS block issue, we’re currently working with our security team to resolve this. I’ll circle back to you as soon as I have a definitive answer.

In the meantime, I wanted to ask: Are there any deployment constraints that require you to use the direct CDN source rather than npm packages? If possible, I’d recommend switching to our SDK npm package: https://www.npmjs.com/package/@klever/sdk-web
Using the npm package offers several advantages: Better version management flexibility, Your code ships with all dependencies bundled, No external connections required at runtime

I’m also concerned that you might be using a deprecated version (1-0-x.js) rather than our latest stable release. The npm package would help ensure you’re always on a supported version.

Let me know if you have any questions or need help with the migration!

@Andreas_Hennersdorf Could you please retest the previous URL? We’ve updated our CORS settings and it should now allow full cross-origin access.

1 Like

Hi @Andreas_Hennersdorf how have you been mate? Dude, could u please update us if all is working well from your side?

TY

Hey, sorry for the late reply… I’m sick and forgot about it. But yes, everything is working as usual again. Thank you very much for the fast support, as always.:raising_hands:

2 Likes