CORS settings

JavaScript API

A frequently occurring problem when using the JavaScript API is that requests to the marketing automation domain fail because the browser blocks them:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://some-url-here. (Reason: additional information here).


Mautic lets you configure which remote domains are allowed to make requests to the system. This configuration can be found at Configuration / System Settings / CORS Settings.

You may leave the CORS restrictions off. The system can then be reached from anywhere via the JavaScript API.

CORS off

If you turn the restrictions on, you may enter the valid domains from which the system is allowed to be reached:

CORS on

Pay attention to the syntax:

  • Write only one domain on each line
  • Set the protocol properly (https://)
  • Strip the / character from the end of the URL.



Besides the JavaScript API, CORS settings also affect the functionality of the Mautic Firebase Cloud Messaging Plugin. This is partly because contacts are registered for web notifications via the JavaScript API. In addition, misconfigured CORS settings may prevent contacts from registering for mobile notifications.

Requests originating from the mobile application are also allowed if the origin sent by the application is listed among the valid domains (or the CORS restrictions are off). The application sends “http://localhost” as its origin by default. Thus, if you use the mobile application, you should either change the origin the application sends or add “http://localhost” to the valid domain list.
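
The syntax rules and the “http://localhost” origin described above, as an added example that is not part of the Mautic documentation or code base: a JavaScript check that lints a valid domains list before it is saved and tests whether a given Origin value is listed. It assumes entries are compared verbatim with the Origin header the browser or application sends; lintValidDomains, originListed and the sample list are hypothetical names and constructed values.

```javascript
// Added example: lint a "valid domains" list against the syntax rules above.
// Assumption: entries are compared verbatim with the Origin header sent.

// Constructed sample of what might be pasted into the valid domains field.
const SAMPLE_LIST = [
  "https://www.example.com",
  "https://shop.example.com/",                    // trailing slash
  "www.example.org",                              // protocol missing
  "https://a.example.net https://b.example.net",  // two domains on one line
  "http://localhost",                             // mobile application default
].join("\n");

// Returns { valid: [origins], problems: [{ line, entry, reason }] }.
function lintValidDomains(text) {
  const valid = [];
  const problems = [];
  text.split(/\r?\n/).forEach((raw, i) => {
    const entry = raw.trim();
    if (entry === "") return; // ignore blank lines
    const fail = (reason) => problems.push({ line: i + 1, entry, reason });
    if (/\s/.test(entry)) return fail("more than one domain on the line");
    if (!/^https?:\/\//i.test(entry)) return fail("protocol missing");
    if (entry.endsWith("/")) return fail("trailing / character");
    let url;
    try { url = new URL(entry); } catch { return fail("not a valid URL"); }
    // An Origin header is scheme://host[:port] only; url.origin has that form,
    // so a path or a default port (:443, :80) in the entry shows up here.
    if (url.origin !== entry.toLowerCase()) {
      return fail("not a bare origin, expected " + url.origin);
    }
    valid.push(url.origin);
  });
  return { valid, problems };
}

// Would a request carrying this Origin header match an entry in the list?
function originListed(origin, validList) {
  return validList.includes(origin);
}

const result = lintValidDomains(SAMPLE_LIST);
console.log(result.problems);
console.log("http://localhost listed:", originListed("http://localhost", result.valid));
```
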
