CORS Issues 4.4.4

mikew · January 4, 2023, 9:13am

Your software
My Mautic version is: 4.4.4
My PHP version is: 7.4
My Database type and version is: mariadb

Your problem
My problem is:

I am getting that mautic is being blocked by CORS policy when I have CORS enabled, however if I disable CORS I see no errors in the console log.

These errors are showing in the log:
In the console Log:

Access to XMLHttpRequest at 'https://mymauitc.com/mtc/event' from origin 'https://clientsite.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains the invalid value ''.

mtc.js:9          POST https://mymauitc.com/mtc/event net::ERR_FAILED 200
MauticJS.makeCORSRequest @ mtc.js:9
m.deliverPageEvent @ mtc.js:86
m.sendPageview @ mtc.js:92
(anonymous) @ mtc.js:93
MauticJS.dispatchEvent @ mtc.js:11
value @ mtc.js:24
w.<computed> @ ?lang=en:136
window.onload @ ?lang=en:141
load (async)
(anonymous) @ ?lang=en:140

Steps I have tried to fix the problem:

I have confirmed that inside Configuration -? System Settings - CORS Settings:
Retrict Domains is toggled to Yes and inside Valid Domains, I have all variations of site to enable:
http://123site123.com
https://123site123.com
http://www.123site123.com
https://www.123site.com

I have also gone and confirmed that inside /var/www/mautic/app/config/local.php has the following:

'cors_restrict_domains' => 1,
        'cors_valid_domains' => array(
                '0' => 'http://site.com/',
                '1' => 'https://site.com/',
                '2' => 'http://www.site.com/',
                '3' => 'https://www.site.com/'
        ),

Inside web server mautic logs I am not seeing any errors only entries in the access log:

31.6.3.228 - - [04/Jan/2023:09:10:52 +0000] "GET /mtc.js HTTP/2.0" 200 100674 "https://www.site.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"
31.6.3.228 - - [04/Jan/2023:09:10:55 +0000] "OPTIONS /mtc/event HTTP/2.0" 204 0 "https://www.site.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"
31.6.3.228 - - [04/Jan/2023:09:10:55 +0000] "GET /mtracking.gif?page_title=Page%20-%20New%20One&page_language=en-US&preferred_locale=en_US&page_referrer= www.site.com&page_url=https%3A%2F%2F www.site.com%2Fpromotions%2F%3Flang%3Den&counter=0&timezone_offset=-120&resolution=1920x1080&platform=MacOS&do_not_track=false&timezone=Asia%2FJerusalem&mautic_device_id=79sdnlh8et1t1802zfei6zi&email=409%40tets.com&unique_player_id=10978368&tags=Triomphe HTTP/2.0" 200 43 "https://www.site.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"

mzagmajster · January 4, 2023, 12:32pm

Try whitelisting the domains on server (nginx, apache) level as well.

mikew · January 4, 2023, 1:44pm

hey @mzagmajster - thanks for the info.

Few things:

How would I do this on nginx ? do you have example of .conf file
Any idea why this could be happening, we usually have no issues with CORS on other instances.

patrickeidemiller · January 4, 2023, 6:31pm

I’ve also had this issue pop up from time to time and at the moment have one site that has a Cors issue and another that doesn’t and the sites appear to be configured exactly the same and haven’t been able to determine why.

Elsewhere in the forum, there is a note to update .htaccess in the mautic root to enable CORS as well, I’m sure a quick search will turn that up.

In my case, I’ve added new CNAMES for the domain that Mautic is on in DNS and that seems to have addressed the issue.

The primary reason I did it was for multi site tracking with 1st party cookies per @joeyk 's great video on why you should do this, but I believe it should also make the CORS issue go away permanently as well.

The video is well worth a watch.

In my case, I have Mautic on https://mymautic.com, which is completely different than the public facing domains.

I created CNAME DNS records as below and changed the site settings in Wordpress to use those new CNAME domains. All covered in Joey’s step by step in the video.

ie:
CNAME mautic.site1.com → mymautic.com
CNAME mautic.site2.com → mymautic.com

This seems to have resolved the issue.

kongocat · January 6, 2023, 2:26pm

Happens when cors is enabled,
and have you added the domians to the list near the cors setting?

mikew · January 8, 2023, 8:16am

Yes this was added, it seems to be an issue that occurs randomly with some setups

kongocat · January 9, 2023, 7:51pm

Last week I had a similar issue maybe even the same and after many tests I added this to the we.config of the IIS on windows server - it is like the htaccess.

It solved the problem.

    <cors enabled="true" failUnlistedOrigins="true">
        <add origin="https://*.example.com" allowCredentials="true" maxAge="120">
            <allowHeaders allowAllRequestedHeaders="true">
            </allowHeaders>
        </add>
    </cors>

Topic		Replies	Views
Issues with CORS when trying to configure Mautic 3 and NGinx Mautic 3 - Install/Upgrade Support	21	5748	February 25, 2022
CORS issue in API call Product Support	1	934	January 25, 2021
CORS Problems out of the Blue Product Support	26	1122	June 30, 2022
CORS issue on form submit Product Support mautic-3 , mautic-4	8	2550	September 30, 2023
"Please wait" after submitting form Product Support mautic-4	4	500	December 11, 2021

CORS Issues 4.4.4

Related topics