Mautic problem with Access-Control-Allow-Origin

When I configure Mautic in “another” domain, I have this message.



Is bug? Have solution?



XMLHttpRequest cannot load http://materiais.ciadecomedia.com.br/mtc/event. Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://blog.ciadecomedia.art.br’ is therefore not allowed access.



POST http://materiais.ciadecomedia.com.br/form/submit?formId=1 500 (Internal Server Error)

app.js?v0fba60da:197 Uncaught DOMException: Blocked a frame with origin “http://materiais.ciadecomedia.com.br” from accessing a cross-origin frame.

at HTMLDocument. (http://materiais.ciadecomedia.com.br/media/js/app.js?v0fba60da:197:36)

at fire (http://materiais.ciadecomedia.com.br/media/js/libraries.js?v0fba60da:328:299)

at Object.fireWith [as resolveWith] (http://materiais.ciadecomedia.com.br/media/js/libraries.js?v0fba60da:333:198)

at Function.ready (http://materiais.ciadecomedia.com.br/media/js/libraries.js?v0fba60da:340:11)

at HTMLDocument.completed (http://materiais.ciadecomedia.com.br/media/js/libraries.js?v0fba60da:340:291)

(anonymous) @ app.js?v0fba60da:197

fire @ libraries.js?v0fba60da:328

fireWith @ libraries.js?v0fba60da:333

ready @ libraries.js?v0fba60da:340

completed @ libraries.js?v0fba60da:340




When I configure Mautic in “another” domain, I have this message.

Is bug? Have solution?

XMLHttpRequest cannot load http://materiais.ciadecomedia.com.br/mtc/event. Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://blog.ciadecomedia.art.br’ is therefore not allowed access.

POST http://materiais.ciadecomedia.com.br/form/submit?formId=1 500 (Internal Server Error)
app.js?v0fba60da:197 Uncaught DOMException: Blocked a frame with origin “http://materiais.ciadecomedia.com.br” from accessing a cross-origin frame.
at HTMLDocument. (http://materiais.ciadecomedia.com.br/media/js/app.js?v0fba60da:197:36)
at fire (http://materiais.ciadecomedia.com.br/media/js/libraries.js?v0fba60da:328:299)
at Object.fireWith [as resolveWith] (http://materiais.ciadecomedia.com.br/media/js/libraries.js?v0fba60da:333:198)
at Function.ready (http://materiais.ciadecomedia.com.br/media/js/libraries.js?v0fba60da:340:11)
at HTMLDocument.completed (http://materiais.ciadecomedia.com.br/media/js/libraries.js?v0fba60da:340:291)
(anonymous) @ app.js?v0fba60da:197
fire @ libraries.js?v0fba60da:328
fireWith @ libraries.js?v0fba60da:333
ready @ libraries.js?v0fba60da:340
completed @ libraries.js?v0fba60da:340

Unless Mautic and the site the form is being embedded on share the same domain name, check that X-Frame-Options is not set to SAMEORIGIN on the server running Mautic.

In Nginx, look for this line: add_header X-Frame-Options “SAMEORIGIN”;
In Apache, look for this line: Header always append X-Frame-Options SAMEORIGIN

Comment the line out, reload the web server, and try submitting the form again. No need to clear caches on either Mautic or the website.

1 Like