Re: Access to XMLHttpRequest has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Kaushal Shriyan kaushalshriyan at gmail.com
Thu May 28 14:46:43 UTC 2020


On Thu, May 28, 2020 at 6:11 PM Francis Daly <francis at daoine.org> wrote:

> On Thu, May 28, 2020 at 12:50:34PM +0530, Kaushal Shriyan wrote:
>
> Hi there,
>
> > Access to XMLHttpRequest at ‘
> > > https://tmobilereactdrupal.mydomain.com:8080/oauth/token’ from origin
>> > > https://tmobilereactdrupal.mydomain.com’ has been blocked by CORS
> policy:
> > > No ‘Access-Control-Allow-Origin’ header is present on the requested
> > > resource.
>
> In your "drupal" nginx config, if the request is handled in the "php"
> location, there is no Access-Control-Allow-Origin header added.
>
> You might want the "add_header" line there instead.
>
> Good luck with it,
>
>         f
>
>
Hi  Francis

I have added *add_header 'Access-Control-Allow-Origin' 'origin-list';* in
the drupal Nginx config (/etc/nginx/conf.d/drupalbackend.conf)

#cat  /etc/nginx/conf.d/drupalbackend.conf

>     server {
>         listen 8080 default_server ssl;
>         #listen       80 default_server;
>         #listen       [::]:80 default_server;
>         server_name  _;
>         root         /var/www/html/devportal-v2/developer_portal/web;
>         index        index.php index.html index.htm;
>         ssl_certificate /etc/ssl/fullchain1.pem; ssl_certificate_key
> /etc/ssl/privkey1.pem;
>     if ($scheme = http) { return 301 https://$server_name$request_uri; }
>     ssl_ciphers
> ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
>     ssl_prefer_server_ciphers on;
>     ssl_dhparam /etc/ssl/dhparam.pem;
>     # HSTS (ngx_http_headers_module is required) (63072000 seconds)
>     add_header Strict-Transport-Security "max-age=63072000" always;
>     #OCSP stapling
>     ssl_stapling on;
>     ssl_stapling_verify on;
>     client_max_body_size 100M;
>         # Load configuration files for the default server block.
>         include /etc/nginx/default.d/*.conf;
>
>          location / {
>             index index.php;
>             *add_header 'Access-Control-Allow-Origin' 'origin-list';*
>     # This is cool because no php is touched for static content
>             try_files $uri $uri/ @rewrite;
>             expires max;
>         }
>         location @rewrite {
> *            add_header 'Access-Control-Allow-Origin' 'origin-list';*
>          # Some modules enforce no slash (/) at the end of the URL
>          # Else this rewrite block wouldn't be needed (GlobalRedirect)
>             rewrite ^/(.*)$ /index.php?q=$1;
>         }
>
>         ssl_certificate /etc/ssl/fullchain1.pem; ssl_certificate_key
> /etc/ssl/privkey1.pem;
>         location ~ \.php$ {
>             #try_files $uri =404;
>             *add_header 'Access-Control-Allow-Origin' 'origin-list';*
>             fastcgi_split_path_info ^(.+\.php)(/.+)$;
>             fastcgi_pass unix:/run/php-fpm/www.sock;
>             fastcgi_index index.php;
>             fastcgi_param SCRIPT_FILENAME
> $document_root$fastcgi_script_name;
>             include fastcgi_params;
>       }
>         error_page 404 /404.html;
>             location = /40x.html {
>         }
>         error_page 500 502 503 504 /50x.html;
>             location = /50x.html {
>         }
>     }


[root at nginx]# nginx -t -c /etc/nginx/nginx.conf
> nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
> nginx: configuration file /etc/nginx/nginx.conf test is successful
> [root at nginx]#


I am still encountering the same issue.

Access to XMLHttpRequest at '
> https://tmobilereactdrupal.mydomain.com:8080/oauth/token' from origin '
> https://tmobilereactdrupal.mydomain.com' has been blocked by CORS policy:
> No 'Access-Control-Allow-Origin' header is present on the requested
> resource.
> POST https://tmobilereactdrupal.mydomain.com:8080/oauth/token
> net::ERR_FAILED


Please let me know if you need any additional information. I look forward
to hearing from you. Thanks in advance.

Best Regards,

Kaushal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20200528/40a7cb54/attachment-0001.htm>


More information about the nginx mailing list