CORS Problems out of the Blue

Never worked with NGINX config before. I learned of this by Googling to see if needed to be configured for CORS and read up that it does. I was curious myself.

From what read, this will open up to all domain if it added into the config

add_header Access-Control-Allow-Origin *;

Try that first and restart NGINX then test it. If that fixes it then replace it with a config that is specific to your domains only. One line per domain.

add_header Access-Control-Allow-Origin "";

1 Like

Did you clear Mautic cache after disabling CORS in configuration setting?

yes I did - thanks

I have tried both solutions above and nothing is working. Does not matter if I turn CORS off/ON change everything and still getting the console error:

Access to XMLHttpRequest at '' from origin '' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values ',(', but only one is allowed.

It says only one is allowed, but before I was supporting multiple sites and using @joeyk Multidomain plugin as well.

I also found this post initially but nothing is helping here: Issues with CORS when trying to configure Mautic 3 and NGinx

and a good reference is : How to Enable CORS in Apache and Nginx?

However I have a hunch that Mautic is somehow ignoring these settings from the local.php file for some reason…

Send them a DM and see what they did to resolve it… I know post is old however doesn’t hurt to DM

Is it data exchange with a wp site? Any wordfence like evil plugin running?

Nope nothing bad is installed recently and no word fence… going to take a big chance and do an upgrade to 4.4.0 and see if that makes a difference.

We have 4.4.0 in production for couple of clients, no screaming yet.

updated to 4.4.0 and same behaviour.

Weird thing is the forms are showing, but on submit it just hangs

Console error:

Uncaught DOMException: Blocked a frame with origin "" from accessing a cross-origin frame.
    at HTMLDocument.<anonymous> (
    at mightThrow (
    at process (

So I have gone back to basics now.

I went and preview the form and filled it out inside mautic and got this.

Then I went and created a new form and everything worked on Preview.

I took the form and added it both using wp mautic short code and it did not work.

I added the javascript and on submit I get to the internal error page :“Uh oh! I think I broke it. If I do it again, please report me to the system administrator!”

Totally stumped on this one :frowning:

so I remmebered there was a post to hide the calendar which used myscript.js (How hide calendar menu item - #3 by robm)

So I went and put this back to the way it should be, i.e. original Mautic file and I am getting the following console error:

Failed to load resource: the server responded with a status of 500 () submit:1

In the log the only error I am seeing (and I am not sure this is related as this is a high traffic site) is the following:

2022/06/30 07:44:59 [error] 1325325#1325325: *11445 FastCGI sent in stderr: "PHP message: PHP Notice:  SessionHandler::gc(): ps_files_cleanup_dir: opendir(/var/lib/php/sessions) failed: Permission denied (13) in /var/www/mautic/vendor/symfony/http-foundation/Session/Storage/Handler/StrictSessionHandler.php on line 106" while reading response header from upstream, client:, server:, request: "PATCH /api/contacts/411274/edit HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.4-fpm.sock:", host: ""

Although I checked this contact id and it is an actual user so I do not think this error is related.

checking in Firefox and seeing the following in the console:

I have now taken the tracking code and put it on a different site that I know is tracking and I still get this error:

Failed to load resource: the server responded with a status of 500 () mtcevent

@joeyk ?

What is the event? Vanilla tracking code?

Does this point you any closer to your goal?
A new default Referrer-Policy for Chrome - strict-origin-when-cross-origin - Chrome Developers.

If you are getting error 500, I would check the ngnix error log. It may tell you something in there.

That error log would be part of the ngnix log on the server which is not part of Mautic. You would probably would need to ask your server administrator to give you the copy of the error log if you don’t have root access.

Firstly thank you for everyone that tried to she some light on the matter and help out here.

We found the problem and I have to say it was my fault.

A long time ago we installed the MakeWebBetter plugin and this plugin on Wordpress went and created a ton of new custom fields which inevitably caused issues with creating new fields.

When I wanted to add new fields I would have to go and delete one of the custom fields and my issue was I went and did this inside the database by dropping a column using the command

alter tables leads drop column mob_whatever

This in turn started causing the error, and I must have done this about two weeks ago, and what happened was when Mautic went and wanted to create a new lead it would not find the correct column and was throwing a CRITICAL error that I simply ignored:

Column not found: 1054 Unknown column 'mwb_newsletter_subs' in 'field lis

SO what I did was go into custom fields and delete these fields, and everything was working again.

No idea what the CORS error was and why it was throwing that, but this is what fixed up the problem.

It was a very uncomfortable day but I learnt a good lesson - Keep Calm and Read The Logs! Try and understand and isolate the issue.


Glad you got it all sorted and thanks for sharing the solution!

1 Like

I think we need to make this into a tshirt for the swag shop! Glad you got it sorted!

1 Like