Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

segment.io javascript publish fails with a CORS error

I'm encountering a cross origin resource sharing (CORS) error when I try to load a webpage with the sample "getting started" javascript code from the segment.io website. Below is the html itself. I haven't set any headers on my play 2.1.3 server that's vending this page, but I assume that's not necessary because other users have assured me they have run this with no problems.:

<html>
<head>
<script type="text/javascript">
window.analytics=window.analytics||[],window.analytics.methods=["identify","group","track","page","pageview","alias","ready","on","once","off","trackLink","trackForm","trackClick","trackSubmit"],window.analytics.factory=function(t){return function(){var a=Array.prototype.slice.call(arguments);return a.unshift(t),window.analytics.push(a),window.analytics}};for(var i=0;i<window.analytics.methods.length;i++){var key=window.analytics.methods[i];window.analytics[key]=window.analytics.factory(key)}window.analytics.load=function(t){if(!document.getElementById("analytics-js")){var a=document.createElement("script");a.type="text/javascript",a.id="analytics-js",a.async=!0,a.src=("https:"===document.location.protocol?"https://":"http://")+"cdn.segment.io/analytics.js/v1/"+t+"/analytics.min.js";var n=document.getElementsByTagName("script")[0];n.parentNode.insertBefore(a,n)}},window.analytics.SNIPPET_VERSION="2.0.9",
window.analytics.load("**my_key_here**");
window.analytics.page();
</script>
</head>
<body>
</body>
</html>

When I load this page with my browser, I see the following errors on the javascript console:

[Error] Failed to load resource: Origin http://localhost:9000 is not allowed by Access-Control-Allow-Origin. (p, line 0)
[Error] XMLHttpRequest cannot load http://api.segment.io/v1/p. Origin http://localhost:9000 is not allowed by Access-Control-Allow-Origin. (localhost, line 0)

Any ideas? Even on the segment.io site, there's no mention that CORS should be an issue just to publish events with the javascript client.

like image 948
pck.atl Avatar asked Aug 03 '14 13:08

pck.atl


People also ask

How do you fix a failed CORS?

To get rid of a CORS error, you can download a browser extension like CORS Unblock ↗. The extension appends Access-Control-Allow-Origin: * to every HTTP response when it is enabled. It can also add custom Access-Control-Allow-Origin and Access-Control-Allow-Methods headers to the responses.

What is CORS error in JavaScript?

If the CORS configuration isn't setup correctly, the browser console will present an error like "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at $somesite" indicating that the request was blocked due to violating the CORS security rules.

Why do CORS fail?

The error stems from a security mechanism that browsers implement called the same-origin policy. The same-origin policy fights one of the most common cyber attacks out there: cross-site request forgery. In this maneuver, a malicious website attempts to take advantage of the browser's cookie storage system.

What is CORS error status code?

If a server attempts to redirect a CORS request to a URL that contains this form of username and password then the request will fail. Typically the server will have returned a status code of 301 , 302 , 307 or 308 and the rejected URL will have been specified in the Location response header.


1 Answers

It could be a browser extension that blocks tracking scripts. Do you have one installed? For example, I was using Disconnect on Chrome and was experiencing a similar error until I whitelisted my site.

The error I was seeing was XMLHttpRequest cannot load http://api.segment.io/v1/i. The request was redirected to a URL ('about:blank') which has a disallowed scheme for cross-origin requests.

like image 115
joegoldbeck Avatar answered Sep 28 '22 19:09

joegoldbeck