[Solved] Strange error attempting to verify Github account


I’ve been trying to verify my Github account and, well, I haven’t succeeded. I enter my username, create the gist, copy the link to the gist, and click verify. Nothing. I even tried resetting my browser and signing in and out of my Blockstack account.

Thinking maybe I could figure it out, I pulled up my dev tools and hopped over to the console. Lots of stuff is getting logged including this interesting (and potentially causal) warning:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://proofs.blockstack.org/validate/. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

I don’t really know what’s going on here, but I hope someone else does. Thank you for your help!


Hi @axolotl
Could you post the details of your setup:

  • what OS and version?
  • how you are accessing Blockstack?

It is likely that the warning you posted does relate to the issue a similar result can be replicated by running Blockstack Browser on Linux but not starting the CORS proxy.
It will need some more troubleshooting, unless someone already has an answer?


Hi Craig,

I’m running Ubuntu 17.10 accessing Blockstack via the browser in both Firefox and Chrome.

The error I included in my initial post was from Firefox. Interestingly, I get a slightly different error in Chrome. It is as follows. Note: I added spaces to the included URLS because the forum won’t let me post multiple links.

Cross-Origin Read Blocking (CORB) blocked cross-origin response http s://proofs.blockstack.o rg/validate/ with MIME type text/html. See htt ps://www.chromestatus.co m/feature/5629709824032768 for more details.

POST http s://proofs.blockstack.o rg/validate/ 504 ()

Failed to load http s://proofs.blockstack.o rg/validate/: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http s://browser.blockstack.o rg’ is therefore not allowed access. The response had HTTP status code 504. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.

Thank you for your help!


Hi @axolotl
I can confirm the same error when accessing browser.blockstack.org and trying to verify a Github account.
Please can you advise your username and your Identity Address in order to check that the Github proof is valid?


@aaron can you help with this?

A 504 gateway timeout error is sent from proofs.blockstack.org when making a curl request to the validate route.

I used the command:
curl -H "Content-Type: application/json" -d @data.json https://proofs.blockstack.org/validate

Where data.json consists of the request payload being sent by the Blockstack Browser to that URL.


Hi @Craig,

I’m not sure what you mean.

You wrote:

Please can you advise your username and your Identity Address in order to check that the Github proof is valid?

My username is as you see it: axolotl. It’s the same on Github. I’m not sure what identity address refers to in this case. Do you mean the public gist I created for verification? If so, here’s the link: https://gist.github.com/axolotl/a740e9a6376a943082bb920f2bb577f3


Hi @axolotl

On the profile page at browser.blockstack.org/profiles, in the middle of the page you should see something like the image below. I have highlighted the Username and Identity Address.


Username: axolotl.id.blockstack
Identity Address: ID-1EaubhMLkW4XpB3VJq4d5TWrBc55KNYM4v


The good news is that your Github Proof is valid. As shown by the JSON response from blockstack.js’s validateProof function:

[ { service: 'github',
proof_url: 'https://gist.github.com/axolotl/a740e9a6376a943082bb920f2bb577f3',
identifier: 'axolotl',
valid: true } ]

I think that the reason it is not showing as verified in the browser is because it isn’t getting that response from the validate URL at the moment.

Sorry I haven’t been able to get to the bottom of it. I will continue looking into it.


@Craig You understand this better than I do, so I appreciate the assistance.


Hey, thanks for finding this @Craig

There were a confluence of issues affecting this. First, subdomain names cause errors in our proof checking library currently (see issue https://github.com/blockstack/blockstack.js/issues/446), but this will be fixed in the next release.

Secondly, our proof checking library also currently throws some unhandled Promise rejections. This is also going to be fixed in the next release.

Those two bugs combined to produce 500s when people tried to validate with subdomain names. I patched that in the proof validator, so these errors shouldn’t be an issue on proofs.blockstack.org anymore.


@aaron I can confirm that your patch works for me and that I am now verified. Thank you!


@aaron you’re welcome! Thanks for resolving it so quickly.
@axolotl glad to hear it’s resolved! :grinning: