CORS issue on form submit

ayoubamine · October 22, 2021, 6:17pm

Your software
My Mautic version is: 4.0.1
My PHP version is: 7.4.18
My Database type and version is: MariaDB 10.5.9

Your problem
My problem is: I can’t send HTTP requests from my website to the Mautic form. I’m getting a CORS error. In Mautic I enabled the CORS with http://localhost:8080 (for testing purposes) and https://mydomain.com separated by a newline, but the same error.

My code:

const formData = new FormData()

formData.append('mauticform[formId]', '1')
formData.append('mauticform[email]', 'example@example.com')

axios
  .post('https://mydomain.com/form/submit?formId=1', formData)
  .then(() => {
    console.log('Done!')
  })
  .catch((err) => {
    console.log(err)
  })

Error message:

Access to XMLHttpRequest at 'https://mydomain.com/form/submit?formId=1' from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

patrickeidemiller · October 22, 2021, 7:01pm

Hi,
Did you update your .htaccess in mautic root by adding

Header always unset X-Frame-Options

at the end?

ayoubamine · October 22, 2021, 7:49pm

Hello, thank you for your reply, I’m not very familiar with the .htaccess syntax, I added the following lines to the top of .htaccess file, but the same CORS error:

<IfModule mod_headers.c>
    Header always unset X-Frame-Options
</IfModule>

The form that I use in my website is not a Mautic form iframe, it’s an HTML form with an event listener to submit the form to Mautic with an HTTP POST request.

patrickeidemiller · October 22, 2021, 10:22pm

I went the Mautic/i-frame route as I found it way easier to build/maintain.

ayoubamine · October 22, 2021, 10:58pm

The HTML form + HTTP POST request makes the form customizable (custom design, custom validation, handling multi-language, and responsiveness, …) Is there any way to communicate with the Mautic form without the iframe?

patrickeidemiller · October 23, 2021, 4:45am

I’ve played around with using Integromat to post from a Facebook lead form to my Mautic lead form but haven’t really had the time to make that work. Both Mautic and Integromat forums say it can be done.

My use case was to have a single mautic entry point for multiple lead sources for the same campaign theme.

You could do the same with Integromat catching the POST/Submit and pushing it at the Mautic form, or maybe even directly if you know how to post the results of one form into another.

ayoubamine · October 23, 2021, 4:57pm

Finally, I solved the problem! I checked the source code of the Mautic form controller, and I figure out that Ajax requests are handled in a different way:

Add X-Requested-With to the request headers:

headers: {
  'X-Requested-With': 'XMLHttpRequest',
}

github.com

mautic/mautic/blob/7a5dd9c55c6bd53b77092da52d9f4cf5ac447369/app/bundles/FormBundle/Controller/PublicController.php#L41

    
      
          private $tokens = [];
          
          
/**
           * @return \Symfony\Component\HttpFoundation\RedirectResponse|Response
           */
          public function submitAction()
          {
              if ('POST' !== $this->request->getMethod()) {
                  return $this->accessDenied();
              }
              $isAjax        = $this->request->query->get('ajax', false);
              $form          = null;
              $post          = $this->request->request->get('mauticform');
              $messengerMode = (!empty($post['messenger']));
              $server        = $this->request->server->all();
              $return        = (isset($post['return'])) ? $post['return'] : false;
          
          
    if (empty($return)) {
                  //try to get it from the HTTP_REFERER
                  $return = (isset($server['HTTP_REFERER'])) ? $server['HTTP_REFERER'] : false;
              }

Add the mauticform[messenger] field to the form data:

formData.append('mauticform[messenger]', '1')

github.com

mautic/mautic/blob/7a5dd9c55c6bd53b77092da52d9f4cf5ac447369/app/bundles/FormBundle/Controller/PublicController.php#L44

    
      
           * @return \Symfony\Component\HttpFoundation\RedirectResponse|Response
           */
          public function submitAction()
          {
              if ('POST' !== $this->request->getMethod()) {
                  return $this->accessDenied();
              }
              $isAjax        = $this->request->query->get('ajax', false);
              $form          = null;
              $post          = $this->request->request->get('mauticform');
              $messengerMode = (!empty($post['messenger']));
              $server        = $this->request->server->all();
              $return        = (isset($post['return'])) ? $post['return'] : false;
          
          
    if (empty($return)) {
                  //try to get it from the HTTP_REFERER
                  $return = (isset($server['HTTP_REFERER'])) ? $server['HTTP_REFERER'] : false;
              }
          
          
    if (!empty($return)) {
                  //remove mauticError and mauticMessage from the referer so it doesn't get sent back

The full code:

axios
  .post(
    'https://mydomain.com/form/submit',
    {
      mauticform: {
        formId: 1,
        email: 'example@example.com',
        messenger: 1,
      },
    },
    {
      headers: {
        'X-Requested-With': 'XMLHttpRequest',
      },
    }
  )
  .then(() => {
    console.log('Done!')
  })
  .catch((err) => {
    console.log(err)
  })

iparker · September 30, 2023, 10:17am

Hello,

I also have an cors-error when I try to submit via javascript-code to a mautic form.

I tried your axios-code like this:

axios
    .post(
      'https://mymautic.de/form/submit',
      {
        mauticform: {
          formId: 16,
          messenger: 1,
          firstname: this.formData.firstName,
          lastname: this.formData.lastName,
          email: this.formData.email,
          organization: this.formData.organization,
        },
      },
      {
        headers: {
          'X-Requested-With': 'XMLHttpRequest',
        },
      }
    )
    .then(() => {
      console.log('Done!');
    })
    .catch((err) => {
      console.log(err);
    });

With this I get the following error:

Access to XMLHttpRequest at ‘https://mymautic.de/form/submit’ from origin ‘http://localhost:3000’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control’

I did not change anything on the mautic server side, for example htaccess or something.

When I try this from postman it works without any problem.

Any idea how to solve this?

Best regards,

Timo

iparker · September 30, 2023, 10:22am

One addition: When I add http://localhost:3000 to valid-cors-domains in mautic config it works!

I just don’t know if it’s good idea to do it this way.

Topic		Replies	Views
[RESOLVED] Setup CORS correctly Product Support	2	473	June 19, 2023
"Please wait" after submitting form Product Support mautic-4	4	500	December 11, 2021
CORS issue in API call Product Support	1	934	January 25, 2021
Form submit via ajax Development	7	1985	July 22, 2022
CORS issue on form submit? Product Support mautic-4	3	423	September 30, 2021

CORS issue on form submit

Related topics