Re: Access to XMLHttpRequest has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
Kaushal Shriyan
kaushalshriyan at gmail.com
Thu May 28 14:46:43 UTC 2020
On Thu, May 28, 2020 at 6:11 PM Francis Daly <francis at daoine.org> wrote:
> On Thu, May 28, 2020 at 12:50:34PM +0530, Kaushal Shriyan wrote:
>
> Hi there,
>
> > Access to XMLHttpRequest at ‘
> > > https://tmobilereactdrupal.mydomain.com:8080/oauth/token’ from origin
> ‘
> > > https://tmobilereactdrupal.mydomain.com’ has been blocked by CORS
> policy:
> > > No ‘Access-Control-Allow-Origin’ header is present on the requested
> > > resource.
>
> In your "drupal" nginx config, if the request is handled in the "php"
> location, there is no Access-Control-Allow-Origin header added.
>
> You might want the "add_header" line there instead.
>
> Good luck with it,
>
> f
>
>
Hi Francis
I have added *add_header 'Access-Control-Allow-Origin' 'origin-list';* in
the drupal Nginx config (/etc/nginx/conf.d/drupalbackend.conf)
#cat /etc/nginx/conf.d/drupalbackend.conf
> server {
> listen 8080 default_server ssl;
> #listen 80 default_server;
> #listen [::]:80 default_server;
> server_name _;
> root /var/www/html/devportal-v2/developer_portal/web;
> index index.php index.html index.htm;
> ssl_certificate /etc/ssl/fullchain1.pem; ssl_certificate_key
> /etc/ssl/privkey1.pem;
> if ($scheme = http) { return 301 https://$server_name$request_uri; }
> ssl_ciphers
> ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
> ssl_prefer_server_ciphers on;
> ssl_dhparam /etc/ssl/dhparam.pem;
> # HSTS (ngx_http_headers_module is required) (63072000 seconds)
> add_header Strict-Transport-Security "max-age=63072000" always;
> #OCSP stapling
> ssl_stapling on;
> ssl_stapling_verify on;
> client_max_body_size 100M;
> # Load configuration files for the default server block.
> include /etc/nginx/default.d/*.conf;
>
> location / {
> index index.php;
> *add_header 'Access-Control-Allow-Origin' 'origin-list';*
> # This is cool because no php is touched for static content
> try_files $uri $uri/ @rewrite;
> expires max;
> }
> location @rewrite {
> * add_header 'Access-Control-Allow-Origin' 'origin-list';*
> # Some modules enforce no slash (/) at the end of the URL
> # Else this rewrite block wouldn't be needed (GlobalRedirect)
> rewrite ^/(.*)$ /index.php?q=$1;
> }
>
> ssl_certificate /etc/ssl/fullchain1.pem; ssl_certificate_key
> /etc/ssl/privkey1.pem;
> location ~ \.php$ {
> #try_files $uri =404;
> *add_header 'Access-Control-Allow-Origin' 'origin-list';*
> fastcgi_split_path_info ^(.+\.php)(/.+)$;
> fastcgi_pass unix:/run/php-fpm/www.sock;
> fastcgi_index index.php;
> fastcgi_param SCRIPT_FILENAME
> $document_root$fastcgi_script_name;
> include fastcgi_params;
> }
> error_page 404 /404.html;
> location = /40x.html {
> }
> error_page 500 502 503 504 /50x.html;
> location = /50x.html {
> }
> }
[root at nginx]# nginx -t -c /etc/nginx/nginx.conf
> nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
> nginx: configuration file /etc/nginx/nginx.conf test is successful
> [root at nginx]#
I am still encountering the same issue.
Access to XMLHttpRequest at '
> https://tmobilereactdrupal.mydomain.com:8080/oauth/token' from origin '
> https://tmobilereactdrupal.mydomain.com' has been blocked by CORS policy:
> No 'Access-Control-Allow-Origin' header is present on the requested
> resource.
> POST https://tmobilereactdrupal.mydomain.com:8080/oauth/token
> net::ERR_FAILED
Please let me know if you need any additional information. I look forward
to hearing from you. Thanks in advance.
Best Regards,
Kaushal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20200528/40a7cb54/attachment-0001.htm>
More information about the nginx
mailing list