'Access-Control-Allow-Origin'must not be the wildcard when credentials mode is 'include'

[Maro]

 

Hello,

i want do display HTML5 Ads with Revive Adserver 4.1.1. They show up in the inventory and are fine. The zone is set to "Asynchronus JS Tag".

The Adservers hostname is like a subdomain of the domain that should show the ads. Like adserver.example.com

On example.com, i get these errors (only when HTML5 is delivered, image banners working well):

(index):1 Failed to load https://adserver.example.com/www/delivery/asyncspc.php?zones=5|9|10|11|9|11|9|9&prefix=revive-0-&loc=https%3A%2F%2Fexample.com%2F&referer=https%3A%2F%2Fexample.com%2F: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'https://example.com' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

 

I have tried to disable plugins and to add Header set Access-Control-Allow-Origin "example.com" as additional directives for HTTP and HTTPS in Plesk. After that, the error message read something like "There are more than one Origins specified..."

I haven't found any working tips, maybe anyone here can help me. Some wanted to change the  Thanks in advance.

maro

[Maro]

The zone invocation code is containing

.../www/delivery/asyncjs.php"></script>

 

Not asyncspc.php like named in the error message. Is this ok?

[Maro]

"as named", i mean.

 

I wonder where "*" is specified. But i think, i should get rid of the credential thing? Where is this specified, and why it is set to "include"?

 

I found h.withCredentials = true; in async.js and have set it to false. On example.com, the error continues.

The strange thing is, on a second test domain the HTML5 ad is showing up and working properly even with "h.withCredentials = true;" in async.js

Edited February 14, 2018 by Maro
New things

[Matteo Beccati]

@Maro withCredentials is required, as some features use cookies. Your webserver must be overwriting the Access-Control-Allow-Origin header sent by Revive.

[Maro]

Thanks for replying.

English is not my mother tongue, so i want to ask what you you mean:

currently my webserver is overwriting the header sent by revive, or should i make, that my webserver is overwriting the header sent by revive?

 

Is this problem there, because revive is located at a subdomain of the website that should show that HTML5 banners? 

Edited February 14, 2018 by Maro

[Matteo Beccati]

Your Apache or nginx is most likely configured to set the wildcard header, as Revive uses the Origin domain for async calls.

[Maro]

i have to figure out how to change that. i can only give additionaly directions. 

 

Is this problem there, because revive is located at a subdomain of the website that should show that HTML5 banners? becaus at another domain the ads are showing up, but this site i on another webserver (but same standard config by plesk).

I have just tested on another website on the same server. The ad is delivered!

So is this no server wide problem? Maybe the header is overwritten by a plugin of wordpress? 

[Matteo Beccati]

@Maro Sorry, I can't possibly know how your servers are configured. Wordpress is not involved in that though.

[Maro]

I thank you anyway, this helps me alot. 

Have you a clue, if it's the setting for the adserver's subdomain or the website's domain? 

[Matteo Beccati]

The setting is in the webserver hosting Revive Adserver.

[Maro]

Sometimes i get a banner (only the 300x250), sometimes not. It get weirder. 

It's the same banner like the other ones. Formatted for 300x250 and it's showing up. sometimes.

Edited February 14, 2018 by Maro

[Maro]

So i have to remove the wildcard, because revive set the header itself? But from where comes the wildcard? I think Plesk isn't set the wildcard as a default.

Now it say something like
"the value of Access...Origin... header must not be the wildcard "*", the origin https://example.com is therefore not allowed"

When i set it in plesk an wildcard "*" just for testing, is say 
"header contains multiple values 'https://example.com, *', but only one is allowed...."

 

Where comes the wildcard from?

Can you give me assistance, @Matteo Beccati? I would like to pay you.

Edited February 14, 2018 by Maro

[Maro]

Maybe i just could move the adserver from adserver.example.com to another Domain adserver123.com. But why is it working on another websites than example.com? 

Edited February 14, 2018 by Maro

[Maro]

I have now changes the URL of the adserver from adserver.example.com to adserver.anotherdomain.com.

I still get the same error. The Invocation Code is still working on other domains than example.com, all banners are showing up! Still no HTML5 banners for example.com.

I don't get it! It drives me crazy. And the one HTML5 banner, that was working (sometimes) isn't working anymore.

 

[Maro]

I use Newspaper theme of tagdiv. When switching to another theme, everything works well.

I try to find out why and where newspaper is setting a wildcard header.

[Maro]

tagdiv has no clue, i don't know what to do now.

[Maro]

Can somebody give me paid support? Anyone?