Hello RPM Team,
We are using the Ready Player Me Unity SDK for our WebGL product. We’ve started encountering a CORS-related errors, and Ready Player Me has stopped functioning as expected.
Issue Description and API Failure Details
When loading a scene in WebGL, the iframe for the avatar selector and customizer loads successfully, and the avatars appear correctly. However, after selecting an avatar, when the actual avatar starts to load, the process initially receives proper responses from your server for various APIs. It then fails at the following API call:
https://models.readyplayer.me/67da8bfc4cd1f2b7be1a1648.json?tail=c6bd4fa9-f444-4877-8321-468b9aa4d84f
This particular API call is sent as a preflight request (OPTIONS method) by the browser, and your server responds with a 400 Bad Request. As a result, the corresponding fetch request is blocked due to a CORS policy error.
Notably:
- This same API call works fine in the Unity Editor.
- It also returns a valid JSON response when manually requested using the GET method.
- The issue arises only in an actual WebGL build, where your SDK manages the API call and the browser enforces the OPTIONS method preflight.
- The issue began approximately 12 hours ago (on Tuesday, April 29, 2025, around noon). Everything was functioning normally on Monday.
Unity version
We are using Unity 2021.3.14f1.
RPM Unity SDK Version
We are currently using version 4.0.1 of the SDK. However, users of version 7.3.1 are also experiencing the same CORS issue: community post for reference.
This is a major blocker for us, as WebGL is our primary platform. This CORS issue has effectively broken the core functionality for all our users. A prompt resolution would be greatly appreciated. Please let us know if you require any additional information to resolve this issue as quickly as possible. Thank you for your support!