mixpanel-js icon indicating copy to clipboard operation
mixpanel-js copied to clipboard
verified publisher icon mixpanel

mixpanel-browser gets blocked by CORS policy

Open alamorre opened this issue 5 years ago • 5 comments

The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'

This error occurs both locally and on my production site.

This seems like a bug given that the code is very easy to follow.

I could be wrong though...

alamorre avatar Mar 19 '20 16:03 alamorre

Haven't heard of this happening before. The tracking API returns a specific origin for Access-Control-Allow-Origin; can you provide some request/response details on when you're getting * back? Not entirely sure but it might happen for request failures e.g. if the API returns a 500.

tdumitrescu avatar Mar 19 '20 16:03 tdumitrescu

It appears browser specific. This failure is occurring in Brave but passes on Safari - exact same code and origin...

I'll look into it but it's a unique error given I'm the only one raising this issue.

alamorre avatar Mar 19 '20 17:03 alamorre

I also hit the error using Brave. Disabling Brave Shields on localhost is enough. I didn't test in production yet though

vtertre avatar Apr 06 '20 16:04 vtertre

I cannot tell you how often I forget about Brave shield being Up! Thank you for the prompt!

gertig avatar Apr 24 '20 15:04 gertig