APIs & Integrations

luisfoundation
Member

Dealing with 'Access-Control-Allow-Origin' header

While testing on my local environment I use a CORS plugin to be able to do this kind of request .
However when deployed im getting the CORS error. How can I bypass this limitation so that newsletter works on my live site. The error im getting is the following.

XMLHttpRequest cannot load https://forms.hubspot.com/uploads/form/v2/4506xx/xxe6eaa5-xxxx-4f81-a498-1198687031f7. No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘https://jerxxx-fe-dev.xxxx.com’ is therefore not allowed access.

Note: live site address is censored. I can provide it if needed

0 Upvotes
14 Replies 14
RobertBardan
Participant

Dealing with 'Access-Control-Allow-Origin' header

Hubpsot, the thing is that you don't offer a way to communicate between your iframe and the main window(at least I didn't found one).
I've added a poup tou my Hubspot site and I am not able to listen for the form submit that's inside the popup created with your system.

0 Upvotes
CBourassa
Member

Dealing with 'Access-Control-Allow-Origin' header

we have a nodejs/riot.js website running on javascript. We use JSON to add contacts to Hubspot but we keep getting the Cors error. Any ways to fix that from the code?

It's kind or urgent.

0 Upvotes
davidoff2drew
Contributor | Elite Partner
Contributor | Elite Partner

Dealing with 'Access-Control-Allow-Origin' header

Been a few years. Any updates on this front?

foundryideas
Member

Dealing with 'Access-Control-Allow-Origin' header

Does this still need to be handled by proxying from another server to Hubspot?

0 Upvotes
windsorperma
Member

Dealing with 'Access-Control-Allow-Origin' header

This is happening because of the CORS (Cross Origin Resource Sharing) . For every HTTP request to a domain, the browser attaches any HTTP cookies associated with that domain. This is especially useful for authentication, and setting sessions. You are doing an XMLHttpRequest to a different domain than your page is on. So the browser is blocking it as it usually allows a request in the same origin for security reasons. You need to do something different when you want to do a cross-domain request.

 

JSONP ( JSON with Padding ) is a method commonly used to bypass the cross-domain policies in web browsers. You're on domain example.com , and you want to make a request to domain example.net . To do so, you need to cross domain boundaries. JSONP is really a simple trick to overcome the XMLHttpRequest same domain policy. So, instead of using XMLHttpRequest we have to use < script > HTML tags, the ones you usually use to load JavaScript files , in order for JavaScript to get data from another domain.

 

0 Upvotes
3PETE
HubSpot Employee
HubSpot Employee

Dealing with 'Access-Control-Allow-Origin' header

@foundryideas Yes, there hasn't been any changes on this front.

0 Upvotes
Not applicable

Dealing with 'Access-Control-Allow-Origin' header

I’d love to have this too. I need this for the form submission endpoint.

0 Upvotes
3PETE
HubSpot Employee
HubSpot Employee

Dealing with 'Access-Control-Allow-Origin' header

@ozzyonfire @MartinMuzatko There aren’t any plans to release this is the short run so I do not have any update for you.

@ozzyonfire Could you host your own server to proxy the data through to HubSpot? You could make an AJAX request to your own server and then make the proper server-side request to HubSpot to submit the form data.

0 Upvotes
ozzyonfire
Member

Dealing with 'Access-Control-Allow-Origin' header

Ya that’s exactly what I ended up doing.

0 Upvotes
ozzyonfire
Member

Dealing with 'Access-Control-Allow-Origin' header

Any news on this? I am also running into the same issue. Unfortunately, our website was built by a third-party and I don’t have the ability to send the request from the server.

All I’m trying to do is to submit a form through a JQuery post request.

0 Upvotes
Merlin_Mason
Member

Dealing with 'Access-Control-Allow-Origin' header

Is this on your roadmap to add? Would be very convenient as we’re using a static site builder so have no backend to submit to. Currently our forms submit to FormBucket but would like to submit these directly to HubSpot.

0 Upvotes
Dadams
HubSpot Employee
HubSpot Employee

Dealing with 'Access-Control-Allow-Origin' header

We have some long term plans to allow AJAX requests specifically for form submissions, but we don’t have any plans to allow that for our APIs in general.

0 Upvotes
Dadams
HubSpot Employee
HubSpot Employee

Dealing with 'Access-Control-Allow-Origin' header

@luisfoundation our APIs don’t support CORS requests, so if you’re using JavaScript for this, you’d need to send the data from the page to your server, and then have your server make the request to HubSpot.

stefenphelps
Member | Partner
Member | Partner

Dealing with 'Access-Control-Allow-Origin' header

I ran into this same issue the other day and wrote up some instructions on how I got around this issue.

The gist of the post is: use your own server to make the server side request and then dump the json onto your page and enable CORS. Then you can make all the AJAX calls that you need. It only takes two lines of PHP so it's very simple to do.