Skip to main content
Solved

CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

  • October 29, 2021
  • 4 replies
  • 6034 views

Forum|alt.badge.img+2

Hello,

 

Using the legacy form and I’m having some trouble with CORS. I receive the following error message in the console: 

Access to XMLHttpRequest at 'https://manage.kmail-lists.com/subscriptions/subscribe' from origin 'https://mydomain.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Here’s my form tag: 

<form action="//manage.kmail-lists.com/subscriptions/subscribe" data-ajax-submit="//manage.kmail-lists.com/ajax/subscriptions/subscribe" method="GET" target="_blank" data-form-email="" novalidate="">

I’ve also added the necessary JavaScript file in my header (per the legacy form docs):

<script type="text/javascript" src="//www.klaviyo.com/media/js/public/klaviyo_subscribe.js"></script>

And have even added this to my .htaccess file: 

#Begin Klaviyo CORS
Header set Access-Control-Allow-Origin 'https://manage.kmail-lists.com'
Header set Access-Control-Allow-Source-Origin 'https://mydomain.com'
#End Klaviyo CORS

But, to no avail, it simply does not work as the post request is blocked. 

I’ve also double checked to ensure the headers module is in fact enabled in apache. 

 

Anything I’m doing wrong?

Best answer by David To

Hey @Carnivore Jack Web Team,

On a closer looks, it looks like the error seems to be calling out https://manage.kmail-lists.com/subscriptions/subscribe. I may suggest using https://manage.kmail-lists.com/ajax/subscriptions/subscribe instead. Therefore, rather than the form tag you are currently using:

<form action="//manage.kmail-lists.com/subscriptions/subscribe" data-ajax-submit="//manage.kmail-lists.com/ajax/subscriptions/subscribe" method="GET" target="_blank" data-form-email="" novalidate="">

I would recommend the following:

<form action="//manage.kmail-lists.com/ajax/subscriptions/subscribe" method="POST" target="_blank" data-form-email="" novalidate="">

David

View original
Did this topic or the replies in the thread help you find an answer to your question?

4 replies

David To
Klaviyo Employee
Forum|alt.badge.img+60
  • Klaviyo Employee
  • 2456 replies
  • October 29, 2021

Hello @Carnivore Jack Web Team,

Thanks for sharing your question with the Klaviyo Community!

Do you happen to be running this code from your local machine/local environment? From my experience you’ll need to run this code from a public HTTPS site for the code to work. Some Community post that touch upon this can be found below:

I hope this helps!

David


Forum|alt.badge.img+2

Hi David,

 

This site is sitting on a public facing server that uses HTTPS. 
 

in my post I changed my domain to a generic domain in the header code etc. 


David To
Klaviyo Employee
Forum|alt.badge.img+60
  • Klaviyo Employee
  • 2456 replies
  • Answer
  • October 29, 2021

Hey @Carnivore Jack Web Team,

On a closer looks, it looks like the error seems to be calling out https://manage.kmail-lists.com/subscriptions/subscribe. I may suggest using https://manage.kmail-lists.com/ajax/subscriptions/subscribe instead. Therefore, rather than the form tag you are currently using:

<form action="//manage.kmail-lists.com/subscriptions/subscribe" data-ajax-submit="//manage.kmail-lists.com/ajax/subscriptions/subscribe" method="GET" target="_blank" data-form-email="" novalidate="">

I would recommend the following:

<form action="//manage.kmail-lists.com/ajax/subscriptions/subscribe" method="POST" target="_blank" data-form-email="" novalidate="">

David


Forum|alt.badge.img+2

Whoops! No idea how I missed that… thanks for pointing that out. 

 

This worked like a charm.