CORS issue although Access-Control header is present

Hi there,

I’m running into some CORS issues when attempting to implement ads through Monumetric.

I added the access-control-allow-origin header at my origin, however when I view my page I’m receiving a CORS error like this:

Access to XMLHttpRequest at 'https://api.rlcdn.com/api/identity/envelope?pid=1458' from origin 'https://direct.notateslaapp.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

This can be tested at this URL:
https://www.notateslaapp.com/software-updates/version/2020.48.35/release-notes?ads=monumetric

Any idea what could be happening? Does this have to do with Cloudflare when retrieving content from the origin? Admittedly I’m not super familiar with CORS and how Cloudflare implements it.

Thanks for your help!

Apache or Nginx?

Have you got caching “on” in CloudFlare? If you have already visited the URl, or maybe the resource/URL was cached before you added the Access-Control-Allow_Origin header?

As I have checked now, I can see the HTTP header “access-control-allow-origin: *” is present and showing up.

I’m using Apache. Caching is also on in CloudFlare, but I made this change a week ago and edge cache is set to 1 hour.

I also see that the access-control-allow-origin header is properly being sent in the response and set to *, but if you look at the browser console it still shows errors with some resources like this one:

Access to XMLHttpRequest at 'https://api.rlcdn.com/api/identity/envelope?pid=1458' from origin 'https://www.notateslaapp.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

You can see that error in the console if you load this page:

Is it possible the error is coming from the resource that is being loaded?

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.