I have a main domain and a subdomain (where actual mautic is installed), unfortunately, I have a cross-origin HTTP request problem if mautic is setup within a subdomain. When I load the example.com I get the following errors in Safari Console:
Code:
Failed to load resource: Origin https://example.com is not allowed by Access-Control-Allow-Origin.
XMLHttpRequest cannot load https://subdomain.example.com/mtc. Origin https://example.com is not allowed by Access-Control-Allow-Origin.
Which make sense for security reason.
So, I add
Code:
header set Access-Control-Allow-Origin: https://example.com
to https://subdomain.example.com
Code:
/etc/httpd/conf/httpd.conf
file. Thanks to this
article about CORS on MDN. But, now I get the following error:
Code:
Failed to load resource: Credentials flag is true, but Access-Control-Allow-Credentials is not "true".
MLHttpRequest cannot load https://subdomain.example.com/mtc. Credentials flag is true, but Access-Control-Allow-Credentials is not "true".
Then, I add
Code:
header set Access-Control-Allow-Credentials: true
to
Code:
/etc/httpd/conf/httpd.conf
file. But I still get an error:
Code:
Failed to load resource: Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers.
XMLHttpRequest cannot load https://subdomain.example.com/mtc. Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers.
And, this is where I'm stuck, Can someone help me? Thanks in advance.
I have a main domain and a subdomain (where actual mautic is installed), unfortunately, I have a cross-origin HTTP request problem if mautic is setup within a subdomain. When I load the example.com I get the following errors in Safari Console:
Failed to load resource: Origin https://example.com is not allowed by Access-Control-Allow-Origin.
XMLHttpRequest cannot load https://subdomain.example.com/mtc. Origin https://example.com is not allowed by Access-Control-Allow-Origin.
Which make sense for security reason.
So, I add header set Access-Control-Allow-Origin: https://example.com to https://subdomain.example.com /etc/httpd/conf/httpd.conf file. Thanks to this article about CORS on MDN. But, now I get the following error:
Failed to load resource: Credentials flag is true, but Access-Control-Allow-Credentials is not "true".
MLHttpRequest cannot load https://subdomain.example.com/mtc. Credentials flag is true, but Access-Control-Allow-Credentials is not "true".
Then, I add header set Access-Control-Allow-Credentials: true to /etc/httpd/conf/httpd.conf file. But I still get an error:
Failed to load resource: Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers.
XMLHttpRequest cannot load https://subdomain.example.com/mtc. Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers.
And, this is where I’m stuck, Can someone help me? Thanks in advance.
I find the solution to this issue. What you need to do is set the Origin, Headers, and Credentials. I miss the “Headers” section which I didn’t specify in my httpd.conf. Here is the complete configuration:
Header set Access-Control-Allow-Origin: https://example.com
Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept"
Header set Access-Control-Allow-Credentials: true
Farhadd, where exactly have you put this headers in httpd.conf? I tried putting these lines in the bottom of the document but with no success.