I am working on a service that is consumed through AJAX from another domain.
I have domainA (the main domain where the service is hosted) and domainB which is A record pointing to a domainA.
The AJAX calls are working fine on domainA. Obviously no CORS headers are required.
On domainB the AJAX is failing because OPTIONS (Preflight) requests are not responding with the appropriate headers. I added the headers and the allowed origin domain but I found out that the request is not even reaching the server. I added logs for all incoming requests and none of them is OPTIONS.
I am not sure why the request is not proxied to the server.
Iâd appreciate any directions.
Steps:
Go to https://tickets.thesiyum.org/
Scroll down and select 1 ticket (the one with price of $36) and fill the group code: DY-11219-1001A
Submit the form and watch the console log.
The request gets sent, however the browser rejects the request with the following message
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://app.tixter.io/e/5/groupCheckout. (Reason: CORS header âAccess-Control-Allow-Originâ missing).
Iâd say youâd need to configure app.tixter.io with the appropriate Access-Control-Allow-Origin header.
Also, that topic is slightly beyond the scope of the forum here. The issue is not really Cloudflare related and the domain in question is not on Cloudflare.
Its probably better to take that to StackExchange and alike.
But they are not going through Cloudflare and thats the only point where Cloudflare could theoretically have some influence.
These requests hit your server directly and so there is either an issue with your JavaScript code or your server configuration. I cant tell you why you dont get the requests on your server, but as evident from your own screenshot as well as mine, the browsers do seem to send them and do seem to receive a response, which however is dismissed because of the missing header.
Using PostMan, I could successfully POST to my CF testing endpoint and I saw all the right CORS-required headers, but I was getting the exact same browser errors in Chrome 75.
It appears that OPTIONS requests need to be specifically handled and that there are different responses required for variations even within OPTIONS requestsâŚ