Magento – Magento 2 CORS issue

cors magento2

I have multi-store as well as multi-domain in my Magento site.

  • www.domain.nl
  • www.domain.be

The issue occurs in the back-end (admin grid) when I want to filter products, orders, or customers.

The error says:

Access to XMLHttpRequest at 'https://www.domain.be/admin_12w5st/mui/index/render/key/' (redirected from 'https://www.domain.nl/admin_12w5st/mui/index/render/key/a65af72908ae41562210df6cbc370a9bf0d4ce996237d2a40aec7804fa8d3673/?namespace=customer_listing&search=&filters%5Bplaceholder%5D=true&filters%5Bentity_id%5D%5Bfrom%5D=1&filters%5Bentity_id%5D%5Bto%5D=2&paging%5BpageSize%5D=20&paging%5Bcurrent%5D=1&sorting%5Bfield%5D=entity_id&sorting%5Bdirection%5D=asc&isAjax=true') from origin 'https://www.domain.nl' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

Here is my environment:

  • nginx
  • magento 2.2.9
  • php 7.0.33

I tried to put

add_header 'Access-Control-Allow-Origin' '*' 'always';

or, without quote marks,

add_header Access-Control-Allow-Origin *;

in my server.headers file, but still no luck; the issue still persists.

Does anyone have any idea? Thanks in advance.

Best Answer

To check headers you can use a Chrome extension or the developer tools:

1 - HTTP Headers

2 - Press F12 in Chrome, then select Network > assets > Headers tab

Full CORS headers:

# Wide-open CORS config for nginx
#
location / {
     if ($request_method = 'OPTIONS') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        #
        # Custom headers and headers various browsers *should* be OK with but aren't
        #
        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
        #
        # Tell client that this pre-flight info is valid for 20 days
        #
        add_header 'Access-Control-Max-Age' 1728000;
        add_header 'Content-Type' 'text/plain; charset=utf-8';
        add_header 'Content-Length' 0;
        return 204;
     }
     if ($request_method = 'POST') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
     }
     if ($request_method = 'GET') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
     }
}

https://cloud.google.com/endpoints/docs/grpc/custom-cors-nginx

https://enable-cors.org/server_nginx.html
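
An added example, not part of the original question or answer: a simplified Python model of the checks a browser applies to a preflight response, showing that the "Redirect is not allowed for a preflight request" failure quoted in the question is decided before any Access-Control-* header is read, and that a wildcard origin is rejected once cookies are sent. The function names, the sample responses and the PINNED header set are assumptions constructed for illustration; the host names are the ones from the question.

```python
# Added example: simplified model of browser preflight checks (Fetch standard).
# All responses below are constructed samples, not captured traffic.
SAFELISTED_METHODS = {"GET", "HEAD", "POST"}

def _tokens(value):
    """Split a comma-separated header value into lowercase tokens."""
    return {t.strip().lower() for t in (value or "").split(",") if t.strip()}

def check_preflight(status, headers, origin, method, req_headers=(), credentials=False):
    """Return the reasons a browser would reject this preflight response."""
    h = {k.lower(): v for k, v in headers.items()}
    # A preflight must be answered directly with a 2xx; a redirect is never
    # followed, so the CORS headers on it are not evaluated at all.
    if 300 <= status < 400:
        return ["redirect"]
    problems = []
    if not 200 <= status < 300:
        problems.append("non-2xx status")
    allow_origin = h.get("access-control-allow-origin")
    if allow_origin is None:
        problems.append("missing allow-origin")
    elif allow_origin == "*":
        if credentials:  # '*' is not accepted when cookies are sent
            problems.append("wildcard origin with credentials")
    elif allow_origin != origin:
        problems.append("origin mismatch")
    if credentials and h.get("access-control-allow-credentials") != "true":
        problems.append("credentials not allowed")
    wildcard_ok = not credentials  # '*' in the lists below only counts without cookies
    methods = _tokens(h.get("access-control-allow-methods"))
    if (method.upper() not in SAFELISTED_METHODS and method.lower() not in methods
            and not (wildcard_ok and "*" in methods)):
        problems.append("method not allowed")
    allowed = _tokens(h.get("access-control-allow-headers"))
    for name in req_headers:
        if name.lower() not in allowed and not (wildcard_ok and "*" in allowed):
            problems.append("header not allowed: " + name.lower())
    return problems

ORIGIN = "https://www.domain.nl"
# The answer's wide-open header set, shortened (constructed sample).
WIDE_OPEN = {"Access-Control-Allow-Origin": "*",
             "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
             "Access-Control-Allow-Headers": "X-Requested-With,Content-Type"}
# Same headers, but the server answers the preflight with a 302 (constructed).
REDIRECTED = dict(WIDE_OPEN, Location="https://www.domain.be/admin_12w5st/")
# Hypothetical stricter variant: one named origin, credentials explicitly allowed.
PINNED = dict(WIDE_OPEN, **{"Access-Control-Allow-Origin": ORIGIN,
                            "Access-Control-Allow-Credentials": "true"})
```

Calling check_preflight(302, REDIRECTED, ORIGIN, "GET", ["X-Requested-With"]) returns ["redirect"] even though the wide-open headers are present, while the PINNED set passes a credentialed request where the wildcard set does not.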
