Adding nodes to the content tree results in a CORS error

Ben Buurstra asked on April 8, 2021 18:06

I have a client who is getting errors in only 1 of their 3 environments when trying to add nodes under the root node in Kentico v12.0.66. Their dev and production environments work flawlessly, but their stage environment is throwing the following error in the console: Access to XMLHttpRequest at 'https://stage.trustmarkbenefits.com/cmsctx/pv/bbuurstra/culture/en-US/wg/bd721ddc-55c2-4d89-88d7-6041d1b07cba/readonly/0/pts/637535207405068037/h/acc509c0ebaee6b325ea0a3ccab3676e2b62bde4ac3b7b6ec5ff9010ff11a7e9/-/Kentico.PageBuilder/PageTemplates/GetFiltered?uh=ee3d0a0efd6ad5aa00f8160815eb94b794acc69798ab02f5919e0fe6305a42fd&pagetype=TB.SmallHeroLandingNode&culture=en-US' from origin 'https://stageadmin.trustmarkbenefits.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

Below are some screenshots of the network details for both the stage environment (the one that's failing), and the dev environment (one that is working) https://imgur.com/a/3eqMqCV

I have UsePreview(); and UseResourceSharingWithAdministration(); in my MVC site's startup, and I'm able to view existing pages via page builder no problem.

There's also a URL rewrite rule in place to "Lower Case" the URLs, but I have exclusions in place for cmsctx and kentico.*

<rule name="LowerCaseRule" stopProcessing="true">
    <match url="[A-Z]" ignoreCase="false" />
        <conditions>
            <add input="{URL}" negate="true" pattern="^\/cmsctx\/?" />
            <add input="{URL}" negate="true" pattern="^\/kentico.*\/?" />
        </conditions>
    <action type="Redirect" url="{ToLower:{URL}}" />
</rule>

This rule exists in all environments, not just the stage environment, so I highly doubt this is having any effect on this issue.

I have also tried navigating to the erroring stage URL in it's own tab, and the XML loads just fine, so it's not an issue of the route not existing, but strictly CORS blocking the request

Recent Answers


Juraj Ondrus answered on April 12, 2021 06:28

Have you tried the suggestions from this thread already? Also, the UseResourceSharingWithAdministration() has no longer any effect since hotfix no.30, so you can remove it from your code.

0 votesVote for this answer Mark as a Correct answer

Ben Buurstra answered on April 12, 2021 20:33

Juraj, thank you for your quick response.

After viewing the thread you linked to, and looking into request filtering, I found that the whole IIS instance on their stage environment was denying OPTIONS requests. I have removed that filter and everything seems to be working.

Thank you for your help!

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.