<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, May 28, 2020 at 6:11 PM Francis Daly <<a href="mailto:francis@daoine.org">francis@daoine.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Thu, May 28, 2020 at 12:50:34PM +0530, Kaushal Shriyan wrote:<br>
<br>
Hi there,<br>
<br>
> Access to XMLHttpRequest at ‘<br>
> > <a href="https://tmobilereactdrupal.mydomain.com:8080/oauth/token" rel="noreferrer" target="_blank">https://tmobilereactdrupal.mydomain.com:8080/oauth/token</a>’ from origin ‘<br>
> > <a href="https://tmobilereactdrupal.mydomain.com" rel="noreferrer" target="_blank">https://tmobilereactdrupal.mydomain.com</a>’ has been blocked by CORS policy:<br>
> > No ‘Access-Control-Allow-Origin’ header is present on the requested<br>
> > resource.<br>
<br>
In your "drupal" nginx config, if the request is handled in the "php"<br>
location, there is no Access-Control-Allow-Origin header added.<br>
<br>
You might want the "add_header" line there instead.<br>
<br>
Good luck with it,<br>
<br>
f<br><br></blockquote><div><br></div><div>Hi Francis</div><div><br></div><div>I have added <i>add_header 'Access-Control-Allow-Origin' 'origin-list';</i> in the drupal Nginx config (/etc/nginx/conf.d/drupalbackend.conf)</div><div><br></div><div>#cat /etc/nginx/conf.d/drupalbackend.conf</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> server {<br> listen 8080 default_server ssl;<br> #listen 80 default_server;<br> #listen [::]:80 default_server;<br> server_name _;<br> root /var/www/html/devportal-v2/developer_portal/web;<br> index index.php index.html index.htm;<br> ssl_certificate /etc/ssl/fullchain1.pem; ssl_certificate_key /etc/ssl/privkey1.pem;<br> if ($scheme = http) { return 301 https://$server_name$request_uri; }<br> ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;<br> ssl_prefer_server_ciphers on;<br> ssl_dhparam /etc/ssl/dhparam.pem;<br> # HSTS (ngx_http_headers_module is required) (63072000 seconds)<br> add_header Strict-Transport-Security "max-age=63072000" always;<br> #OCSP stapling<br> ssl_stapling on;<br> ssl_stapling_verify on;<br> client_max_body_size 100M;<br> # Load configuration files for the default server block.<br> include /etc/nginx/default.d/*.conf;<br><br> location / {<br> index index.php;<br> <b>add_header 'Access-Control-Allow-Origin' 'origin-list';</b><br> # This is cool because no php is touched for static content<br> try_files $uri $uri/ @rewrite;<br> expires max;<br> }<br> location @rewrite {<br><b> add_header 'Access-Control-Allow-Origin' 'origin-list';</b><br> # Some modules enforce no slash (/) at the end of the URL<br> # Else this rewrite block wouldn't be needed (GlobalRedirect)<br> rewrite ^/(.*)$ /index.php?q=$1;<br> }<br><br> ssl_certificate /etc/ssl/fullchain1.pem; ssl_certificate_key /etc/ssl/privkey1.pem;<br> location ~ \.php$ {<br> #try_files $uri =404;<br> <b>add_header 'Access-Control-Allow-Origin' 'origin-list';</b><br> fastcgi_split_path_info ^(.+\.php)(/.+)$;<br> fastcgi_pass unix:/run/php-fpm/www.sock;<br> fastcgi_index index.php;<br> fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;<br> include fastcgi_params;<br> }<br> error_page 404 /404.html;<br> location = /40x.html {<br> }<br> error_page 500 502 503 504 /50x.html;<br> location = /50x.html {<br> }<br> }</blockquote><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">[root@nginx]# nginx -t -c /etc/nginx/nginx.conf<br>nginx: the configuration file /etc/nginx/nginx.conf syntax is ok<br>nginx: configuration file /etc/nginx/nginx.conf test is successful<br>[root@nginx]#</blockquote><div><br></div><div>I am still encountering the same issue. </div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Access to XMLHttpRequest at '<a href="https://tmobilereactdrupal.mydomain.com:8080/oauth/token">https://tmobilereactdrupal.mydomain.com:8080/oauth/token</a>' from origin '<a href="https://tmobilereactdrupal.mydomain.com">https://tmobilereactdrupal.mydomain.com</a>' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.<br>POST <a href="https://tmobilereactdrupal.mydomain.com:8080/oauth/token">https://tmobilereactdrupal.mydomain.com:8080/oauth/token</a> net::ERR_FAILED</blockquote><div><br></div><div><div>Please let me know if you need any additional information. I look forward to hearing from you. Thanks in advance.</div><div><br></div><div>Best Regards,</div><div><br></div><div>Kaushal</div></div><div><br></div></div></div>