Mautic, NGINX, CORS

Hello everyone,

I’m fighting with Mautic integration with my website. I use the NGINX web server, and Mautic is installed on the subdomain https://ma.website.com. Mautic works okay, but the Mautic integration script on the main website cannot be run due to CORS errors:

Failed to load https://ma.website.com/index.php/mtc/event: The value of the 'Access-Control-Allow-Credentials' header in the response is 'true, true' which must be 'true' when the request's credentials mode is 'include'. Origin 'https://www.website.com' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

My Mautic NGINX config:

    server {
        server_name ma.website.com;
        listen *:443 ssl;
        root /var/www/vhosts/mautic;

        ssl_certificate /etc/pki/certs/ma.website.com-bundle.crt;
        ssl_certificate_key /etc/pki/certs/ma.website.com.key;

        index index.php;

        location / {
            try_files $uri $uri/ /index.php?$query_string;
        }

        sendfile off;

        # CORS headers added by NGINX to responses from this server block
        add_header 'Access-Control-Allow-Origin' 'https://www.website.com';
        #add_header 'Access-Control-Allow-Methods' 'GET, POST, PATCH, PUT, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept';
        add_header 'Access-Control-Allow-Credentials' 'true';

        # Pass PHP requests to PHP-FPM (dots escaped so they match literally)
        location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_index   index.php;
            fastcgi_pass    127.0.0.1:9000;
            include         fastcgi_params;
            fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
            fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
            fastcgi_intercept_errors on;
            fastcgi_buffer_size 16k;
            fastcgi_buffers 4 16k;
        }

        # Block access to .htaccess / .htpasswd files
        location ~ /\.ht {
            deny all;
        }
    }

I tried different combinations, but it still doesn’t work with NGINX. Does anyone have a working solution for that?

Thank you in advance.

Try this…

    add_header Access-Control-Allow-Origin *;

Thanks fususu, I tried this already and am getting the following message:

Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'https://www.website.com' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

Did you add it in the virtual host of that domain, or in the main nginx.conf? In the past I had a similar issue; I added it to the main nginx.conf instead of the virtual host config of the single domain. And this may help: https://stackoverflow.com/questions/43114750/header-in-the-response-must-not-be-the-wildcard-when-the-requests-credentia

Also try this if it helps: https://www.mautic.org/community/index.php/7126-cors-error-no-access-control-allow-origin-header-is-present/0

Thank you fususu for your help. I turned off CORS checking in Mautic configuration and everything is working fine now.

@jester Congratulations!


Nice to be here with you guys, let’s make a great community!
My blog: https://fususu.com/en/ My fb: https://fb.com/fususuvn
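
Added example, not part of any post in this thread: a small checker that applies the same response-header rules the browser reported in the two error messages above (a duplicated `Access-Control-Allow-Credentials` seen as `true, true`, and a wildcard origin with credentials). The function names and the sample responses are constructed for illustration; paste the header lines from `curl -i` output to check a real response.

```javascript
// Added example: models the response-header checks a browser applies to a
// credentialed (withCredentials) cross-origin request.

// Parse raw header lines (e.g. pasted from `curl -i`) into name -> [values].
function parseHeaders(lines) {
  const headers = new Map();
  for (const line of lines) {
    const idx = line.indexOf(":");
    if (idx < 1) continue; // skips the status line and blank lines
    const name = line.slice(0, idx).trim().toLowerCase();
    const value = line.slice(idx + 1).trim();
    headers.set(name, [...(headers.get(name) || []), value]);
  }
  return headers;
}

function checkCredentialedCors(lines, requestOrigin) {
  const headers = parseHeaders(lines);
  // A header sent more than once reaches the page as one value joined by ", ".
  const seen = (name) => (headers.has(name) ? headers.get(name).join(", ") : null);
  const problems = [];
  const origin = seen("access-control-allow-origin");
  const creds = seen("access-control-allow-credentials");
  if (origin === null) problems.push("Access-Control-Allow-Origin missing");
  else if (origin === "*") problems.push("wildcard origin rejected when credentials are included");
  else if (origin !== requestOrigin) problems.push(`origin '${origin}' does not match '${requestOrigin}'`);
  if (creds !== "true") problems.push(`Access-Control-Allow-Credentials is '${creds}', must be 'true'`);
  // Headers present more than once are usually set by two layers at the same time.
  const duplicated = [...headers].filter(([, v]) => v.length > 1).map(([n]) => n);
  return { ok: problems.length === 0, problems, duplicated };
}

// Constructed sample responses matching the situations in the thread.
const ORIGIN = "https://www.website.com";
const duplicatedResponse = [
  "HTTP/1.1 200 OK",
  `Access-Control-Allow-Origin: ${ORIGIN}`,
  "Access-Control-Allow-Credentials: true",
  "Access-Control-Allow-Credentials: true",
];
const wildcardResponse = ["Access-Control-Allow-Origin: *", "Access-Control-Allow-Credentials: true"];
const singleResponse = [`Access-Control-Allow-Origin: ${ORIGIN}`, "Access-Control-Allow-Credentials: true"];

for (const [label, resp] of [["duplicated", duplicatedResponse], ["wildcard", wildcardResponse], ["single", singleResponse]]) {
  console.log(label, JSON.stringify(checkCredentialedCors(resp, ORIGIN)));
}
```

A non-empty `duplicated` list means the header is being emitted in more than one place; NGINX `add_header` appends its header to the response and does not replace one the FastCGI backend already sent, so the header should be set by one layer only.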