TensorFlow model CORS issues

Sorry, new here and not sure if this is the right place to post but I’m going to throw it out here in case anyone can help.

Created a project almost a year ago that uses TensorFlow models. All has been working fine up until this morning. Suddenly our application has started getting errors to fetch models at the following URLs:

  • tfhub.dev/tensorflow/tfjs-model/blazeface
  • tfhub.dev/tensorflow/tfjs-model/facemesh
  • tfhub.dev/tensorflow/tfjs-model/iris

The errors that are being thrown look like CORS errors followed up by a 403. The files our project are attempting to access are all retrievable by a web browser, so I know they didn’t get removed.

I did notice that the urls are being redirected in the browser, so for instance:

This is happening both in a local development environment as well as in a deployed/hosted environment.

Has anyone else experienced this? Can someone shed some light on what might have changed between yesterday and today that would cause us these CORS/403 errors?



Answering my own question in case anyone else comes across this.

We started debugging requests in Postman and found that the models were retrievable in certain conditions. Open an issue with the TensorflowHub team on their GitHub page. Later received response from someone on their team that there was an intermittent issue, asking us to retest. After seeing the message and retesting, all the applications mentioned in the first post were working as expected.

@lgusm FYI is this a Hub issue - can you check with the hub team that this is resolved or have a Kaggle alternative?

The issue appears to be fixed by now

1 Like

Looks like the issue has reopened.

I am trying to fetch blazeface model and the request is being redirected to
the same link posted by @pj_qb which is throwing CORS.

@abdul_qhayum are you getting 403 errors?

I am receiving a status code of 200 but encountering a CORS error just like the one you did @pj_qb

Access to fetch at ‘https://storage.googleapis.com/tfhub-tfjs-modules/tensorflow/tfjs-model/blazeface/1/default/1/model.json’ (redirected from ‘https://tfhub.dev/tensorflow/tfjs-model/blazeface/1/default/1/model.json?tfjs-format=file’) from origin ‘MY NGROK ORIGIN’ has been blocked by CORS policy: The ‘Access-Control-Allow-Origin’ header has a value ‘MY NGROK ORIGIN’ that is not equal to the supplied origin. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.

fwiw, my project is not having issues at the moment locally or in testing environments.

One of the ways we were able to troubleshoot more effectively is capturing requests from DevTools in Chrome, copying the request in cURL format, and then moving the cURL requests to Postman. Once we had this in place, we were modifying headers and realized that the file was still available but we were getting access denied errors. I know that isn’t what you’re getting but maybe it could be helpful for your case, so wanted to offer as an idea.

1 Like

@lgusm It appears the fix is partial or intermitted - can you escalate on your side - im seeing similar problems across the web eg on reddit etc too.

is this problem still happening?
can someone update please?

Asking because we’ve been monitoring the logs for this specific error and it didn’t happen for a while
any updates would be helpful

1 Like

No issues that I’m aware of from my projects.

This error occured again. Today I’m experiencing it.

I am experiencing the same issue, right now, any solutions?

Having cors issues over on Codepen. One day it was fine the next I have error:

Access to fetch at 'https://www.kaggle.com/models/mediapipe/face-landmarks-detection/frameworks/tfJs/variations/attention-mesh/versions/1/model.json?tfjs-format=file&tfhub-redirect=true' (redirected from 'https://tfhub.dev/mediapipe/tfjs-model/face_landmarks_detection/attention_mesh/1/model.json?tfjs-format=file') from origin 'https://cdpn.io' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.