Mautic API with CORS error

Your software
My Mautic version is: 3.3.4
My PHP version is: PHP Version 7.3.33
My Database type and version is: postgres

Your problem
I’m trying to use the Mautic API. It is returning a 200 status code, but it is giving me a CORS error. It is currently hosted on AWS and the logs aren’t showing any errors.

I have already tried to disable CORS, clear the cache, enable CORS, add to the trusted domains, and restart the Docker container.


Hello, make sure that all the websites that are called are included in the CORS include list in the configuration.

Go to “configuration > System settings” and in there there is a group called “CORS Settings”. In there, add all domains and variants. Only 2nd level domains, not subdomains or directories.
For example if you are using “mydomain.com” you should place “mydomain.com”, “http://mydomain.com”, “https://mydomain.com”, “https://www.mydomain.com” and “http://www.mydomain.com”.
Of course, using all those domain variants is not the best practice and only the variant you are using should be placed there, but in a project I had requests from several variants and it was a pain, so since then I add them all and I have no more CORS issues.

Also, if you use some kind of firewall you might have problems.
For example, Wordfence from WordPress blocks CORS sometimes; putting it in learning mode and doing some testing might solve the issue (or manually adding the exceptions, but that doesn’t always work).


Check that the Access-Control-Request-Headers is present on the OPTIONS request. Mautic only sets the CORS headers when it is present. Details.

If I remember it correctly, I had to explicitly set the header X-Requested-With to XMLHttpRequest.

E.g.:

```javascript
xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
```

It worked, thanks for the help!

I’ve tried already, set the header did work for me


It’s now working. I did this and also changed .htaccess to:

```apache
<IfModule mod_headers.c>
    # Echo the Origin back only when it matches the allowed site exactly (anchored at both ends)
    SetEnvIf Origin "^https://xxxx\.xxxxx\.com$" AccessControlAllowOrigin=$0
    Header set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
    Header set Access-Control-Allow-Methods "GET,PUT,POST,DELETE"
    Header set Access-Control-Allow-Headers "Content-Type, Authorization"
</IfModule>
```

I also tried adding support to Apache, but I got this message in the connected WordPress site:

```
[Error] TypeError: null is not an object (evaluating ‘header.offsetTop’)
Global Code (test.gremza.al:519)
[Error] Credentials flag is true, but Access-Control-Allow-Credentials is not “true”.
[Error] XMLHttpRequest cannot load https://lead.xxx/mtc/event due to access control checks.
[Error] Failed to load resource: Credentials flag is true, but Access-Control-Allow-Credentials is not “true”. (event, line 0)
```

Hello, maybe you haven’t yet added your authorized domains inside Mautic.
Settings > System settings > CORS settings
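
As an added example (not part of the original posts, and not Mautic's code), the sketch below models in simplified form the browser-side checks behind the errors quoted in this thread, and runs them against the headers the posted .htaccess would send. The function name `checkCors`, the request fields and the origin `https://site.example` are assumptions made for illustration.

```javascript
// Added example: simplified model of a browser's CORS response checks.
// checkCors and its field names are hypothetical; sample values are constructed.
function checkCors(request, responseHeaders) {
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = v.trim();
  const list = (v) => (v || '').split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);
  // A "*" entry only counts when the request carries no credentials.
  const star = (items) => items.includes('*') && !request.credentials;
  const problems = [];

  const acao = h['access-control-allow-origin'];
  if (!acao) {
    problems.push('no Access-Control-Allow-Origin header');
  } else if (acao === '*') {
    if (request.credentials) problems.push('wildcard origin is not allowed with credentials');
  } else if (acao !== request.origin) {
    problems.push(`Access-Control-Allow-Origin "${acao}" does not match "${request.origin}"`);
  }
  // withCredentials = true requires the literal, case-sensitive value "true".
  if (request.credentials && h['access-control-allow-credentials'] !== 'true') {
    problems.push('Access-Control-Allow-Credentials is not "true"');
  }
  if (request.preflight) {
    const methods = list(h['access-control-allow-methods']);
    const m = request.method.toLowerCase();
    // GET, HEAD and POST are always allowed; other methods must be listed.
    if (!['get', 'head', 'post'].includes(m) && !methods.includes(m) && !star(methods)) {
      problems.push(`method ${request.method} not in Access-Control-Allow-Methods`);
    }
    const allowed = list(h['access-control-allow-headers']);
    for (const name of request.headers.map((s) => s.toLowerCase())) {
      if (!allowed.includes(name) && !star(allowed)) {
        problems.push(`header ${name} not in Access-Control-Allow-Headers`);
      }
    }
  }
  return problems;
}

// Constructed case: response headers as the .htaccess quoted in the thread sets them.
const htaccessResponse = {
  'Access-Control-Allow-Origin': 'https://site.example',
  'Access-Control-Allow-Methods': 'GET,PUT,POST,DELETE',
  'Access-Control-Allow-Headers': 'Content-Type, Authorization',
};
const trackingRequest = {
  origin: 'https://site.example', method: 'POST', credentials: true,
  preflight: true, headers: ['X-Requested-With'],
};
console.log(checkCors(trackingRequest, htaccessResponse));
```

For this constructed request the check reports two gaps in those headers: `Access-Control-Allow-Credentials` is not `true`, and `X-Requested-With` is not listed in `Access-Control-Allow-Headers`.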