Issue CORS error and Error 428

[katzdavid10]

Server operating system version

Ubuntu 22.04.3 LTS

Plesk version and microupdate number

Plesk Obsidian v18.0.54_build1800230824.08 os_Ubuntu 22.04

Hello,

I'm facing CORS errors and Code 428 when I'm trying to reach data from my backend who is in subdomain. The frontend is accessible by temporary (technical) domain.

Can you please help me to solve this problem I'm facing on my two plesk servers. I tried a lot of solutions I found on this forum but, the problem persist.

Regards,
David KATZ

 

[Peter Debik]

Have you followed the steps described in https://support.plesk.com/hc/en-us/...s-origin-resource-sharing-in-Plesk-for-Linux- ?

 

[johnm]

@Peter Debik I am having the same issue.

Here is a simple example file in my Plesk installation: https://brave-elion.20-100-198-70.plesk.page/jsontest.php

As you can see Access-Control-Allow-Origin header is set to * when this file is served normally. However, if I use the URL in a XHR request from a different domain, I get a 428 saying that no Access-Control-Allow-Origin header is present on the resource. I have also tried setting a specific domain in the header instead of *, but same result.

I have followed the steps described in https://support.plesk.com/hc/en-us/...s-origin-resource-sharing-in-Plesk-for-Linux-
(currently using the additional directive in nginx option)

I have tried setting the header several places (only one at a time):
- Apache additional directive in Plesk
- Nginx additional directive in Plesk
- Setting the header manually in the PHP-script
All of these produce the header when only loading the example file, but not through XHR.

And when serving this file on a totally different web server (not in Plesk), it works.

Could there be any other settings than the ones described in the documentation? Or is there anywhere I could trace further what's going on here?

 

[katzdavid10]

Yes, I followed this steps but the problem persists.

You know, I'm using temporary domaine. When I'm sending a request, the answer is a warning page asking to mark the domain as trusted. But I can't validate.
The domain is a technical domain only.

A technical domain is designed for testing the operation and functionality of a website. Such domains are never used for original and live websites, even if they claim to be so. If you are trying to open the website using a link from the Internet or from an email, we recommend that you proceed with caution.

Mark this domain as trusted and do not show this message for 90 days.

Do you hear about this problem ?

 

[Peter Debik]

It is thinkable that this issue occurs with the temporary domains, because the warning message is inserted by the web server and the error code is returned as is, that is correct. Please bear in mind: It is a free, temporary test domain. Can you actually reproduce the issue with a real domain in real, live operations?

 

[johnm]

It seems you are right! When pointing a real domain it works. Very strange, I thought the temporary domains were a common way of setting up new domains in Plesk.

 

[Kaspar]

[...] I thought the temporary domains were a common way of setting up new domains in Plesk.

They are. However there are some limitations, such as the Access-Control restriction.