Welcome! Log In Create A New Profile

Advanced

Re: Access to XMLHttpRequest has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

All files from this thread

File Name File Size   Posted by Date  
reactjsnginx.conf 2.7 KB open | download kaushalshriyan 05/28/2020 Read message
drupalcmsnginx.conf 2 KB open | download kaushalshriyan 05/28/2020 Read message
May 28, 2020 10:48AM
On Thu, May 28, 2020 at 6:11 PM Francis Daly <francis@daoine.org> wrote:

> On Thu, May 28, 2020 at 12:50:34PM +0530, Kaushal Shriyan wrote:
>
> Hi there,
>
> > Access to XMLHttpRequest at ‘
> > > https://tmobilereactdrupal.mydomain.com:8080/oauth/token’ from origin
> ‘
> > > https://tmobilereactdrupal.mydomain.com’ has been blocked by CORS
> policy:
> > > No ‘Access-Control-Allow-Origin’ header is present on the requested
> > > resource.
>
> In your "drupal" nginx config, if the request is handled in the "php"
> location, there is no Access-Control-Allow-Origin header added.
>
> You might want the "add_header" line there instead.
>
> Good luck with it,
>
> f
>
>
Hi Francis

I have added *add_header 'Access-Control-Allow-Origin' 'origin-list';* in
the drupal Nginx config (/etc/nginx/conf.d/drupalbackend.conf)

#cat /etc/nginx/conf.d/drupalbackend.conf

> server {
> listen 8080 default_server ssl;
> #listen 80 default_server;
> #listen [::]:80 default_server;
> server_name _;
> root /var/www/html/devportal-v2/developer_portal/web;
> index index.php index.html index.htm;
> ssl_certificate /etc/ssl/fullchain1.pem; ssl_certificate_key
> /etc/ssl/privkey1.pem;
> if ($scheme = http) { return 301 https://$server_name$request_uri; }
> ssl_ciphers
> ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
> ssl_prefer_server_ciphers on;
> ssl_dhparam /etc/ssl/dhparam.pem;
> # HSTS (ngx_http_headers_module is required) (63072000 seconds)
> add_header Strict-Transport-Security "max-age=63072000" always;
> #OCSP stapling
> ssl_stapling on;
> ssl_stapling_verify on;
> client_max_body_size 100M;
> # Load configuration files for the default server block.
> include /etc/nginx/default.d/*.conf;
>
> location / {
> index index.php;
> *add_header 'Access-Control-Allow-Origin' 'origin-list';*
> # This is cool because no php is touched for static content
> try_files $uri $uri/ @rewrite;
> expires max;
> }
> location @rewrite {
> * add_header 'Access-Control-Allow-Origin' 'origin-list';*
> # Some modules enforce no slash (/) at the end of the URL
> # Else this rewrite block wouldn&#39;t be needed (GlobalRedirect)
> rewrite ^/(.*)$ /index.php?q=$1;
> }
>
> ssl_certificate /etc/ssl/fullchain1.pem; ssl_certificate_key
> /etc/ssl/privkey1.pem;
> location ~ \.php$ {
> #try_files $uri =404;
> *add_header 'Access-Control-Allow-Origin' 'origin-list';*
> fastcgi_split_path_info ^(.+\.php)(/.+)$;
> fastcgi_pass unix:/run/php-fpm/www.sock;
> fastcgi_index index.php;
> fastcgi_param SCRIPT_FILENAME
> $document_root$fastcgi_script_name;
> include fastcgi_params;
> }
> error_page 404 /404.html;
> location = /40x.html {
> }
> error_page 500 502 503 504 /50x.html;
> location = /50x.html {
> }
> }


[root@nginx]# nginx -t -c /etc/nginx/nginx.conf
> nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
> nginx: configuration file /etc/nginx/nginx.conf test is successful
> [root@nginx]#


I am still encountering the same issue.

Access to XMLHttpRequest at '
> https://tmobilereactdrupal.mydomain.com:8080/oauth/token' from origin '
> https://tmobilereactdrupal.mydomain.com' has been blocked by CORS policy:
> No 'Access-Control-Allow-Origin' header is present on the requested
> resource.
> POST https://tmobilereactdrupal.mydomain.com:8080/oauth/token
> net::ERR_FAILED


Please let me know if you need any additional information. I look forward
to hearing from you. Thanks in advance.

Best Regards,

Kaushal
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Access to XMLHttpRequest has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Attachments

kaushalshriyan May 28, 2020 03:22AM

Re: Access to XMLHttpRequest has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Francis Daly May 28, 2020 08:42AM

Re: Access to XMLHttpRequest has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Sam Henaghan May 28, 2020 08:44AM

Re: Access to XMLHttpRequest has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

kaushalshriyan May 28, 2020 10:48AM

Re: Access to XMLHttpRequest has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Francis Daly May 28, 2020 07:24PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 160
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready