seo
seo copied to clipboard
ethercreative
CORS issue SEO:Failed to retrieve entry preview when baseCpUrl is different from site url
Description
Not able to load seo preview into the admin section on an entry. Working on same project in staging environment where admin and frontend are at the same domain. Get flash method "SEO:Failed to retrieve entry preview" and the SEO tab is not loading data associated with the entry. Getting CORS message in dev tools
Access to XMLHttpRequest at 'https://domain.com/entry?x-craft-preview=V7Hrro17x9&token=Whzf7MvYyRZnnJUH-KIS0Z0q3v3aOx8Z' from origin 'https://admin.domain.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Header "Content-Security-Policy: frame-ancestors 'self' *.domain.com;" is present I don't want to set Access-Control-Allow-Origin to * for security reasons.
Is there any other solution you could suggest?
Steps to reproduce
Open an entry in the admin on a site where the baseCpUrl is set to a different url from the site url and check if seo data is being loaded.
Additional info
- Craft version: 3.7.26
- SEO version: 3.7.4
- PHP version: 7.4
- Database driver & version:
- Other Plugins:
Hi
Is there any update on this? Is it possible to have that admin and the frontend at different domains and still have the SEO preview working?
Just in case someone needs help with this one. You can allow CORS requests via
$request = Craft::$app->getRequest();
if (!$request->getIsConsoleRequest()) {
$origin = $request->getHeaders()->get('origin');
$response = Craft::$app->getResponse();
$headers = $response->getHeaders();
$headers->set('Access-Control-Allow-Methods', 'GET, PUT, PATCH, DELETE, HEAD, OPTIONS')
->set('Access-Control-Allow-Credentials', 'true')
->set('Access-Control-Allow-Origin', $origin);
}
