Rich-text Reply

Does the service support CORS for logging via XMLHttpRequest?

x3watch-dev 09-07-15

Does the service support CORS for logging via XMLHttpRequest?

[ Edited ]

When attempting to make an XMLHttpRequest via javascript (EmberJS app) to the Optimizely logging service, we hit a standard CORS issue due to no Access-Control-Allow-Origin header being returned by service response to browser.




XMLHttpRequest cannot load https://{{project_id}}


No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '{{experiment_host}}' is therefore not allowed access.


Does anyone know if it is possible to 'whitelist' a host used in experiment using Optimizely's dashboard, in order to get the appropriate header in the response, or should we work around this with an alternate approach?




Re: Does the service support CORS for logging via XMLHttpRequest?

Hi @x3watch-dev,


Great question, and one I've seen once before but was able to solve.  Yes, it should be possible to whitelist the Optimizely log URL on your side, as our log URL is unique to the project ID for your snippet.  That is, https://{{project_id}} never changes because the project ID never changes.  If you opt in to CORS on your experiment host domain, you should be good to go, as Optimizely can accept any CORS request.


In my past case, the specific issue was the customer's site specified some methods that we did not accept, but the error raised made it look more like a typical CORS issue.  I would confirm that your request headers DO NOT contain the following methods:

Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-requested-with

You can verify the format of a successful XHR to Optimizely by going to and inspecting the Network tab of the browser console.


Please let me know if these suggestions help resolve your issue.  Thanks!

Harrison Krat
Solutions Architect | Optimizely, Inc.