Access to XMLHttpRequest has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.


Access to XMLHttpRequest has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Kaushal Shriyan
Hi,

I am running Nginx version: nginx/1.16.1 on CentOS Linux release 7.8.2003 (Core) and have hosted react.js javascript 16.13.1 and Drupal CMS Framework 8.7.8. 
https://tmobilereactdrupal.mydomain.com (react.js javascript 16.13.1) which in turn talks to https://tmobilereactdrupal.mydomain.com:8080 (drupal framework version 8.7.8). Both react js on port 443 (frontend) and drupal cms on port 8080 (backend) are running on the same Nginx webserver.

When I hit https://tmobilereactdrupal.mydomain.com (react.js framework frontend on port 443), it connects to https://tmobilereactdrupal.mydomain.com:8080 (Drupal CMS 8.7.8 backend on port 8080), and I am encountering the below error in the Developer tools console, which is a plugin in the browser.

Access to XMLHttpRequest at ‘https://tmobilereactdrupal.mydomain.com:8080/oauth/token’ from origin ‘https://tmobilereactdrupal.mydomain.com’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

I have attached both Nginx config files, for the react.js framework (frontend) and the Drupal CMS 8.7.8 backend. Any help will be highly appreciated. I have added add_header 'Access-Control-Allow-Origin' '*' always; in nginx.conf and it is not honoring the settings. I look forward to hearing from you. Thanks in advance.

Best Regards,

Kaushal

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx

reactjsnginx.conf (3K) Download Attachment
drupalcmsnginx.conf (2K) Download Attachment

Re: Access to XMLHttpRequest has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Francis Daly
On Thu, May 28, 2020 at 12:50:34PM +0530, Kaushal Shriyan wrote:

Hi there,

> Access to XMLHttpRequest at ‘
> > https://tmobilereactdrupal.mydomain.com:8080/oauth/token’ from origin ‘
> > https://tmobilereactdrupal.mydomain.com’ has been blocked by CORS policy:
> > No ‘Access-Control-Allow-Origin’ header is present on the requested
> > resource.

In your "drupal" nginx config, if the request is handled in the "php"
location, there is no Access-Control-Allow-Origin header added.

You might want the "add_header" line there instead.

Good luck with it,

        f
--
Francis Daly        [hidden email]

Re: Access to XMLHttpRequest has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Sam Henaghan
Hi, this wasn’t me. Whatever I have been added or entered to, please delete any information you have about me and any account in my name. Someone has hacked or made something of me.

Sent from my iPhone

> On 28 May 2020, at 1:41 pm, Francis Daly <[hidden email]> wrote:
>
> On Thu, May 28, 2020 at 12:50:34PM +0530, Kaushal Shriyan wrote:
>
> Hi there,
>
>> Access to XMLHttpRequest at ‘
>>> https://tmobilereactdrupal.mydomain.com:8080/oauth/token’ from origin ‘
>>> https://tmobilereactdrupal.mydomain.com’ has been blocked by CORS policy:
>>> No ‘Access-Control-Allow-Origin’ header is present on the requested
>>> resource.
>
> In your "drupal" nginx config, if the request is handled in the "php"
> location, there is no Access-Control-Allow-Origin header added.
>
> You might want the "add_header" line there instead.
>
> Good luck with it,
>
>    f
> --
> Francis Daly        [hidden email]

Re: Access to XMLHttpRequest has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Kaushal Shriyan


On Thu, May 28, 2020 at 6:11 PM Francis Daly <[hidden email]> wrote:
On Thu, May 28, 2020 at 12:50:34PM +0530, Kaushal Shriyan wrote:

Hi there,

> Access to XMLHttpRequest at ‘
> > https://tmobilereactdrupal.mydomain.com:8080/oauth/token’ from origin ‘
> > https://tmobilereactdrupal.mydomain.com’ has been blocked by CORS policy:
> > No ‘Access-Control-Allow-Origin’ header is present on the requested
> > resource.

In your "drupal" nginx config, if the request is handled in the "php"
location, there is no Access-Control-Allow-Origin header added.

You might want the "add_header" line there instead.

Good luck with it,

        f


Hi  Francis

I have added add_header 'Access-Control-Allow-Origin' 'origin-list'; in the drupal Nginx config (/etc/nginx/conf.d/drupalbackend.conf)

#cat  /etc/nginx/conf.d/drupalbackend.conf
    server {
        listen 8080 default_server ssl;
        #listen       80 default_server;
        #listen       [::]:80 default_server;
        server_name  _;
        root         /var/www/html/devportal-v2/developer_portal/web;
        index        index.php index.html index.htm;
        ssl_certificate /etc/ssl/fullchain1.pem; ssl_certificate_key /etc/ssl/privkey1.pem;
    if ($scheme = http) { return 301 https://$server_name$request_uri; }
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/dhparam.pem;
    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
    add_header Strict-Transport-Security "max-age=63072000" always;
    #OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;
    client_max_body_size 100M;
        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

         location / {
            index index.php;
            add_header 'Access-Control-Allow-Origin' 'origin-list';
    # This is cool because no php is touched for static content
            try_files $uri $uri/ @rewrite;
            expires max;
        }
        location @rewrite {
            add_header 'Access-Control-Allow-Origin' 'origin-list';
         # Some modules enforce no slash (/) at the end of the URL
         # Else this rewrite block wouldn't be needed (GlobalRedirect)
            rewrite ^/(.*)$ /index.php?q=$1;
        }

        ssl_certificate /etc/ssl/fullchain1.pem; ssl_certificate_key /etc/ssl/privkey1.pem;
        location ~ \.php$ {
            #try_files $uri =404;
            add_header 'Access-Control-Allow-Origin' 'origin-list';
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/run/php-fpm/www.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
      }
        error_page 404 /404.html;
            location = /40x.html {
        }
        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

[root@nginx]# nginx -t -c /etc/nginx/nginx.conf
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@nginx]#

I am still encountering the same issue. 

Access to XMLHttpRequest at 'https://tmobilereactdrupal.mydomain.com:8080/oauth/token' from origin 'https://tmobilereactdrupal.mydomain.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
POST https://tmobilereactdrupal.mydomain.com:8080/oauth/token net::ERR_FAILED

Please let me know if you need any additional information. I look forward to hearing from you. Thanks in advance.

Best Regards,

Kaushal



Re: Access to XMLHttpRequest has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Francis Daly
On Thu, May 28, 2020 at 08:16:43PM +0530, Kaushal Shriyan wrote:
> On Thu, May 28, 2020 at 6:11 PM Francis Daly <[hidden email]> wrote:
> > On Thu, May 28, 2020 at 12:50:34PM +0530, Kaushal Shriyan wrote:

Hi there,

> > In your "drupal" nginx config, if the request is handled in the "php"
> > location, there is no Access-Control-Allow-Origin header added.
> >
> > You might want the "add_header" line there instead.

> I have added *add_header 'Access-Control-Allow-Origin' 'origin-list';* in
> the drupal Nginx config (/etc/nginx/conf.d/drupalbackend.conf)

> [root@nginx]# nginx -t -c /etc/nginx/nginx.conf
> > nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
> > nginx: configuration file /etc/nginx/nginx.conf test is successful

Presumably that file does "include" the file you modified?

> I am still encountering the same issue.
>
> Access to XMLHttpRequest at '
> > https://tmobilereactdrupal.mydomain.com:8080/oauth/token' from origin '
> > https://tmobilereactdrupal.mydomain.com' has been blocked by CORS policy:
> > No 'Access-Control-Allow-Origin' header is present on the requested
> > resource.
> > POST https://tmobilereactdrupal.mydomain.com:8080/oauth/token
> > net::ERR_FAILED

What headers are present in the response to that POST request?

Does the drupal-nginx log file show that the request was received
by nginx?

Cheers,

        f
--
Francis Daly        [hidden email]
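
Added example (not part of the thread, and not code from any poster): a small JavaScript model for reading the response headers asked about above. It combines the status codes nginx's add_header applies to, with and without "always", with the comparison the browser makes against the page origin. The function names, status codes and header values below are constructed for illustration.

```javascript
// Status codes for which nginx add_header applies when "always" is absent
// (as listed in the ngx_http_headers_module documentation).
const NGINX_DEFAULT_CODES = new Set([200, 201, 204, 206, 301, 302, 303, 304, 307, 308]);

// Model of one "add_header Access-Control-Allow-Origin <value> [always];" line:
// returns the response headers nginx would emit for a given status code.
function nginxEmits(status, value, always) {
  const headers = {};
  if (always || NGINX_DEFAULT_CODES.has(status)) {
    headers['access-control-allow-origin'] = value;
  }
  return headers;
}

// The browser-side check applied to the response of a cross-origin XHR.
function corsVerdict(pageOrigin, headers, withCredentials = false) {
  const acao = headers['access-control-allow-origin'];
  if (acao === undefined) return 'blocked: no Access-Control-Allow-Origin header';
  if (acao === '*') {
    return withCredentials ? 'blocked: wildcard not allowed with credentials' : 'allowed';
  }
  // Anything other than "*" must equal the serialized page origin exactly.
  if (acao !== pageOrigin) return `blocked: header value '${acao}' does not match origin`;
  if (withCredentials && headers['access-control-allow-credentials'] !== 'true') {
    return 'blocked: Access-Control-Allow-Credentials is not true';
  }
  return 'allowed';
}

// Constructed cases using the page origin from the thread.
const ORIGIN = 'https://tmobilereactdrupal.mydomain.com';
function demo() {
  return [
    [200, 'origin-list', false], // literal placeholder text as the header value
    [400, ORIGIN, false],        // error response, add_header without "always"
    [400, ORIGIN, true],         // same response with "always"
    [200, '*', false],
  ].map(([status, value, always]) =>
    `${status} '${value}' always=${always}: ` +
    corsVerdict(ORIGIN, nginxEmits(status, value, always)));
}
console.log(demo().join('\n'));
```

The second case produces the same "no header" verdict as the console message in the thread, which is why the status code of the POST response is worth reading together with its headers.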