I am working on a WordPress website and I have installed the Mautic plugin on the website. Now the issue is that I am getting the following error in the console. Cloudflare is also enabled.
Access to XMLHttpRequest at 'https://mautic.my-domain.com/mtc/event' from origin 'https://www.my-domain.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I have tried different solutions for the issue but never got rid of this error.
I have tried by removing the trailing slash (/) from the domain name.
I have also used the following:
Header set Access-Control-Allow-Credentials: true
Header set Access-Control-Allow-Origin 'https://www.my-domain.com'
I have read many threads here at Stack Overflow, GitHub and the Mautic forum but am still looking for the solution. Please help in this regard, and thank you in advance.
In Mautic
Configurations > System Settings > CORS Settings
either set it to NO in order to not restrict domains,
or set it to YES and add the domain you want to allow.
I currently use Akamai as a CDN for my app, which is served over multiple subdomains.
I recently realized that Akamai is caching CORS requests the same, regardless of the origin from which they were requested.
This of course causes clients that make requests with a different Origin than the cached response to fail (since they have a different response header for Access-Control-Allow-Origin than they should).
Many suggest supplying the Vary: Origin request header to avoid this issue, but according to Akamai's docs and this Akamai community post, this isn't supported by Akamai.
How can I force Akamai to cache things uniquely by Origin if an Origin header is present in the request?
I did some research, and it appears this can be done by adding a new Rule in your Akamai config, like so:
Note that if you do this - REMEMBER - this changes your cache key at Akamai, so anything that was cached before is essentially NOT CACHED anymore! Also, as noted in the yellow warning labels, this can make it harder to force reset your cache using Akamai's url purging tools. You could remove the If block, and just include Origin header as a similar Cache ID Modification rule too, if you were ok with changing the cache key for all your content that this rule would apply to.
So in short, try this out on a small section of your site first!
More details can be found in this related post on Stack Overflow
We have hosted an API on Akamai. I had a similar requirement, but we wanted to use the cached response on Akamai for all the touchpoints. But without CORS settings, it used to cache the response from the first origin and then keep it in cache, and the following requests from other touchpoints used to fail due to the cached origin header.
We solved the problem by using the API Gateway feature provided by Akamai. You can find it under API Definition. Custom cache parameters can also be defined here. Please see the screenshot for the CORS settings. Now it caches the response from the backend and serves it to the requester as per the allowed origin list.
CORS Setting in API Definition
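The caching behaviour described in this thread, and the effect of adding Origin to the cache key as the first answer proposes, modelled as an added example that is not part of the original posts or of Akamai's configuration. The allowlisted origins, the /api/items path and all function names are constructed for the illustration.

```javascript
// Added example: a constructed model of an edge cache, not Akamai configuration.
// The backend echoes the request's Origin when it is on its allowlist.
const ALLOWED = new Set(['https://www.example.com', 'https://shop.example.com']); // constructed

function originServer(req) {
  const headers = {};
  const origin = req.headers.origin;
  if (origin && ALLOWED.has(origin)) headers['access-control-allow-origin'] = origin;
  return { status: 200, headers, body: 'payload' };
}

// Cache key as described in the question: the URL only.
const keyByUrl = (req) => req.url;
// Cache key after the rule in the answer: Origin is added only if the header is present,
// so requests without an Origin header keep their old key.
const keyByUrlAndOrigin = (req) =>
  req.headers.origin ? `${req.url}|origin=${req.headers.origin}` : req.url;

function makeEdge(cacheKey) {
  const store = new Map();
  return (req) => {
    const key = cacheKey(req);
    if (!store.has(key)) store.set(key, originServer(req)); // miss: fetch and cache
    return store.get(key); // hit: stored headers are replayed unchanged
  };
}

// The browser's check for a request without credentials.
const browserAccepts = (res, origin) => {
  const acao = res.headers['access-control-allow-origin'];
  return acao === '*' || acao === origin;
};

// Send one request per visitor through a fresh edge and record what the browser decides.
function replay(cacheKey, origins) {
  const edge = makeEdge(cacheKey);
  return origins.map((origin) =>
    browserAccepts(edge({ url: '/api/items', headers: { origin } }), origin));
}

const visitors = ['https://www.example.com', 'https://shop.example.com', 'https://www.example.com'];
console.log('URL-only key:  ', replay(keyByUrl, visitors));
console.log('URL+Origin key:', replay(keyByUrlAndOrigin, visitors));
```

With the URL-only key the second visitor receives the first visitor's Access-Control-Allow-Origin value and is blocked; with Origin in the key each origin gets its own cached copy.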
I was hired to write a WordPress plugin which involves an AJAX request to the website's Event Espresso API.
I got it working fine locally (calling the live site's api from my local server), but when I activate the plugin on the live site, it throws:
Failed to load http://example.com/wp-json/ee/v4.8.36/events: The
'Access-Control-Allow-Origin' header has a value 'http://opt.local'
that is not equal to the supplied origin. Origin
'http://www.example.com' is therefore not allowed access.
My local domain is "http://opt.local", and the live site is http://example.com.
This error suggests to me that it only wants to allow access from my local setup, and not from the live site, which isn't even cross origin! Maybe I caused it to cache the wrong thing in development?
So a few more tests revealed that the cors settings are correct for everything except the specific route I need.
> curl -I "http://example.com/wp-json"
Access-Control-Allow-Origin: http://example.com
> curl -I "http://example.com/wp-json/ee/v4.8.36"
Access-Control-Allow-Origin: http://example.com
> curl -I "http://example.com/wp-json/ee/v4.8.36/events"
Access-Control-Allow-Origin: http://opt.local
I was able to make it work by using ee/v4.8.35 (a lower api patch version) but hopefully, there is a better solution.
I helped develop the EE4 REST API.
Ya it sounds like some issue where the webserver or a proxy or something is caching the Access-Control-Allow-Origin header.
There's no code in the EE4 REST API that controls that header, that's actually handled by the WP API (on which the EE4 REST API is built).
The relevant code is in wp-includes/rest-api.php in the function rest_send_cors_headers(). That calls get_http_origin(), whose value can be filtered using the filter http_origin.
So you might want to try adding something like
// Always report the live site's origin to rest_send_cors_headers().
function my_plugin_force_correct_http_origin($http_origin) {
    return 'http://example.com';
}
add_filter('http_origin', 'my_plugin_force_correct_http_origin');
that will ensure the PHP code is sending the correct Access-Control-Allow-Origin header.
If that doesn't resolve the issue, I would verify rest_send_cors_headers() is getting called at all (you could temporarily put a line like echo 'called rest_send_cors_headers!';die; inside that function to check).
If it is getting called, and my suggested filter doesn't help, you could try tagging your question with 'wordpress-rest-api'. Also, I would be curious to see if http://example.com/wp-json/ee/v4.8.36/events?limit=50 has the same problem.
So, I have this WP installed on Heroku and I've installed Ninja Forms on it. Despite everything working OK locally, when I push it to Heroku, the form is not submitted and I receive this error in Chrome's console:
Failed to load https://ratts.com.br/wp-admin/admin-ajax.php: No
'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'http://ratts.com.br' is therefore not allowed
access. The response had HTTP status code 503.
It's worth mentioning that this error only appears when I access the page via http; when I access the page through https the form works just fine, due to what I think is a CORS problem. Does anyone have any idea how I can solve this issue? It has been three days of unsuccessful research already... rsrs
I believe that http to https for the same domain is still considered CORS. You need to make sure all traffic is redirected from http to https. Take a look at this thread.
First of all, those similar questions do not fit my situation; I've tried all the .htaccess solutions already.
I have a WordPress site (A) which handles the reservation form, and the form submits to another server (B) which handles the data (as well as customer follow-up and payment). After the submission succeeds I need to redirect to the thanks-you page on A, but this happens:
XMLHttpRequest cannot load B. Redirect from 'B' to 'A/thanks-you/' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'A' is therefore not allowed access.
I understand that by setting the response header from B will fix the issue, but I don't have access to it. (Already tested)
So my question is: is it possible to work on server A to fix this?
Thanks for all the comments and answer.
This CORS issue is troubling many; try the option below, it may help you.
I just changed the Origin URL from http to https and the issue was resolved in my case. There is another way to fix the issue too.
REF: https://crunchify.com/how-to-fix-access-control-allow-origin-issue-for-your-https-enabled-wordpress-site-and-maxcdn/
Just add the line below to your .htaccess file.
Header set Access-Control-Allow-Origin "*"
I have a server and a domain B pointing to it. Recently I bought a new domain A and did a redirection to B. I removed A because this error started appearing when loading fonts.
Redirect from 'A' has been blocked by CORS policy:
No 'Access-Control-Allow-Origin' header is present
on the requested resource. Origin 'B' is therefore not allowed access.
I understand that the server where A is pointing must be configured to have the 'Access-Control-Allow-Origin' header, but domain A was only a redirection which I did on my hosting, so there is no server that I have access to, to do this. I have already removed server A to redirect to B.
How is this solved?
Edit:
Both domains were bought from GoDaddy, the server is hosted in AWS and I have already modified the .htaccess to set the headers accordingly, but no luck.
Add the following code to the .htaccess of origin B if you have control over origin B
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Methods: "GET,POST,OPTIONS,DELETE,PUT"
You can also edit that code according to your need.
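An exact-match allowlist beside the wildcard header used in the .htaccess answers above, with the browser's rule applied to both; this is an added example, not code from any of the answers. The allowlisted origin reuses the placeholder domain from the first question, and the function names, the method list and https://other.example are constructed.

```javascript
// Added example: constructed values, not taken from any of the sites discussed.
const ALLOWLIST = new Set(['https://www.my-domain.com']);
const METHODS = 'GET,POST,OPTIONS';

// Equivalent of: Header set Access-Control-Allow-Origin "*"
function wildcardPolicy() {
  return { 'Access-Control-Allow-Origin': '*' };
}

// Echo the Origin only on an exact match of scheme, host and port.
function allowlistPolicy(method, origin, credentials = false) {
  const headers = { Vary: 'Origin' }; // caches must key the response on Origin
  if (!origin || !ALLOWLIST.has(origin)) return headers; // no ACAO header: read is blocked
  headers['Access-Control-Allow-Origin'] = origin;
  if (credentials) headers['Access-Control-Allow-Credentials'] = 'true';
  if (method === 'OPTIONS') headers['Access-Control-Allow-Methods'] = METHODS; // preflight
  return headers;
}

// Browser-side rule. With credentials, "*" is not accepted and the flag must be "true".
function browserAllows(headers, origin, withCredentials) {
  const acao = headers['Access-Control-Allow-Origin'];
  if (withCredentials) {
    return acao === origin && headers['Access-Control-Allow-Credentials'] === 'true';
  }
  return acao === '*' || acao === origin;
}

function scenarios() {
  const site = 'https://www.my-domain.com';
  const http = 'http://www.my-domain.com'; // same host, different scheme
  const other = 'https://other.example';
  return {
    wildcardAnonymous: browserAllows(wildcardPolicy(), other, false),
    wildcardWithCookies: browserAllows(wildcardPolicy(), site, true),
    allowlistedWithCookies: browserAllows(allowlistPolicy('POST', site, true), site, true),
    httpVariant: browserAllows(allowlistPolicy('POST', http, true), http, true),
    unknownOrigin: browserAllows(allowlistPolicy('GET', other), other, false),
  };
}

console.log(scenarios());
```

The wildcard lets any origin read anonymous responses and is rejected by the browser once the request carries credentials, while the allowlist admits only the listed origin, treats the http variant of the same host as a different origin, and marks every response with Vary: Origin.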