No 'Access-Control-Allow-Origin' header is present on the requested resource when using a pixel

Hi experts,

I have an online platform (audioteca.ro) where we promote online shops, Those shops needs to install a pixel (not Facebook pixel) so we can track orders. My domain is proxied by Cloudflare and for some reason I am not getting any analytics for the pixel due to the below error:

Access to XMLHttpRequest at ‘https://audioteca.ro/pixel/pageView’ from origin ‘https://www.soundhouse.ro’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
pixel.js:1 POST https://audioteca.ro/pixel/pageView net::ERR_FAILED 301

If I turn off proxy this error is fixed. This worked before with my domain proxied but for some reason for a couple of months my pixel is blocked with the mentioned error.

Since I was not able to create a ticket with Cloudflare support any advise will be highly appreciated.

Cheers

Some similar topics with possible solution to your issue and helpful information can be found here:

Check for any security settings, like Firewall Rules, or like if you have some IP / AS number / Country blocking setup.

Maybe you have to Whitelist Facebook by it’s AS number too (AS32934, AS63293) to make it work and Allow/Bypass the Security options set at Cloudflare dashboard for your domain.

Have you checked below Help Center from Facebook for Pixel already about it?:

Why not set it at your host origin / server via PHP or JavaScript, or either send it via your Web server (Nginx, Apache …)?:

PHP
header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");

Nginx
add_header Access-Control-Allow-Origin *;

Is being redirected from to what?
From non-www to www or vice-versa?
How about HTTP to HTTPS or vice-versa?

Two domains here, do you own and can you manage both of them?
If yes, then kindly setup your origin Web server to allow requests from one domain to other and vice-versa.

I am afraid this could be the origin host / server issue at first sight, not the Cloudflare only.

1.The only firewall i have is blocking bots. We are not talking here about the Fb pixel, it is our own pixel
2.We are not talking here about the Fb pixel, it is our own pixel
3.Looking into it
4.My domain was initially without www. and now it is redirected to www.
5.I do not own all mentioned domains, only audioteca.ro the rest of the domains are my partners from where i gather the pixel information

@MoreHelp

The error message is telling you exactly what the problem is! There is no CORS response header on the HTTP response.

% curl --silent https://audioteca.ro/pixel/pageView -H "Origin: https://www.soundhouse.ro" --dump-header - -o /dev/null
HTTP/2 301
date: Thu, 21 Oct 2021 11:20:40 GMT
content-type: text/html
location: https://www.audioteca.ro/pixel/pageView
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 6a1a19148ac040f0-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

CORS headers on 30x redirects are never going to work very well, so you should either not redirect that particular URL to www, or update the clients to use the final URL. Also, the location of the 301 heads to a 404, and again there is no CORS response header.

1 Like

thanks a lot michael, indeed the domain was configured without www and since google was not able to crawl the domain, it was redirected to www and problems appeared apparently. I will get in touch with my hosting team and dev team to see what we can do, cheers

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.