December 2, 2015
Question

Server side form post returns ajax cross origin error


I'm using this tutorial http://developers.marketo.com/blog/server-side-form-post/ to post form data back to Marketo from my site.

I am getting an issue relating to the Ajax response

XMLHttpRequest cannot load app-lon.marketo.com/index.php/leadCapture/save. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'mysite.com' is therefore not allowed access.

The above error prevents the Ajax success function from triggering.

Is there a way I can circumvent this issue?

If the Marketo sub-domain is only for my Marketo account, would it be feasible to request that Marketo add in the correct headers on the server side file for my domain(s)?

Thanks


SanfordWhiteman
Level 10
December 2, 2015

Surely that's not a server-side form post.  It's a client-side (browser-side) post.  Servers don't care about CORS.

You don't need to do anything like this.  You can post using the Forms 2.0 API, which is the recommended method. More info here and in other Community posts.

December 3, 2015

We are rolling out a temporary solution for several sites on several hosting platforms. Part of the brief is that the switch from current form and autoresponder systems to Marketo be seamless from an interaction and front end perspective, whilst talking to our existing systems.

I have built a JS form builder that takes the Marketo form ID to build out the form using any of our sites' existing markup methods and styles.

All the form builder needs to know is the Marketo form ID and it gets the JSON output of the form.

The script then iterates through each form item in the array to output the form as built in Marketo, with a few minor items left out.

As I said above, I'm getting issues where the Ajax response from the Marketo sub-domain returns an error so our Ajax success does not fire.

The Ajax success is supposed to hide/show the form/thank you message and send additional analytics events to Google.

There are cases where the content of the form thank you message is dynamic as it's generated based on a URL query, for example the URL query might be a document file name, so the form thank you contains the link for the document download.

This affects all browsers, with IE 8 being the worst affected as the Ajax error even prevents the data from being sent to our leads database.

I wondered if we could arrange with Marketo to set the headers on the Marketo subdomain to allow access from all or a list of sites. Something like this in an .htaccess file.

Header add Access-Control-Allow-Origin "*"

We have two alternate solutions.

A direct curl function which works in all browsers but has no authentication method; we run a foreach loop to post all fields generated as part of the form build.

Or a REST method which submits the lead, but we cannot see how we would tell Marketo which formid it came from; also, the REST API field names are different from the names provided from the JSON array.

SanfordWhiteman
Level 10
December 3, 2015

> This affects all browsers, with IE 8 being the worst affected as the Ajax error even prevents the data from being sent to our leads database.

Of course!  This is the very definition of why using a prebuilt, tested, cross-browser forms API is necessary.

The Forms 2.0 API uses a cross-domain IFRAME shim that solves all of these problems.  To repeat: there is no need to show the underlying Marketo form to the user in order to use the Forms 2.0 API for form submission.

You could build your own solution using XDFrame, et al., but that's just busywork when there's literally an API included with the product that already does all that, and does it well.

> I wondered if we could arrange with Marketo to set the headers on the Marketo subdomain to allow access from all or a list of sites. Something like this in an .htaccess file.
>
> Header add Access-Control-Allow-Origin "*"

I hope not. You're talking about dramatically changing the security model for all tenants, even though there's an API that works with the existing security model.

> A direct curl function which works in all browsers but has no authentication method; we run a foreach loop to post all fields generated as part of the form build.

I wouldn't say it "work[s] in all browsers" because it doesn't work in the browser at all. That's your server-side form post.  It also is throttled to one form post every 2 seconds, which is suboptimal, but not as bad as the below.

> Or a REST method which submits the lead, but we cannot see how we would tell Marketo which formid it came from; also, the REST API field names are different from the names provided from the JSON array.

Never, ever do this.  Using a REST API call in response to individual end-user activities creates a major DoS vulnerability against your instance -- not only this integration but all your integrations.  Use API calls only for bulk actions (and still use proper throttling and queuing).
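
As an added illustration (not code from the thread, from Marketo, or from either poster): a simplified model of the browser-side CORS check behind the error in the question, next to the wildcard header proposed above and a per-origin allowlist for a server you control. The origins, the allowlist and all function names are constructed for the example, and it assumes a form-encoded POST that needs no preflight.

```javascript
// Added example: simplified CORS response check (browser side) and
// header policies (server side). All names and origins are constructed.

// Browser side: may page script read this cross-origin response?
function browserExposesResponse(pageOrigin, headers, withCredentials = false) {
  const allow = headers['access-control-allow-origin'];
  if (allow === undefined) return false;       // the error quoted in the question
  if (allow === '*') return !withCredentials;  // wildcard is rejected for credentialed requests
  if (allow !== pageOrigin) return false;      // must equal the page's origin exactly
  return !withCredentials ||
    headers['access-control-allow-credentials'] === 'true';
}

// Server side, allowlist policy: echo the Origin only if it is listed.
function corsHeadersFor(requestOrigin, allowlist) {
  if (!allowlist.has(requestOrigin)) return {};
  return { 'access-control-allow-origin': requestOrigin, vary: 'Origin' };
}

// The server stores the post whatever the Origin is; CORS only decides
// whether the calling page's script gets to read the response.
function simulatePost(pageOrigin, headerPolicy, store) {
  store.push({ from: pageOrigin });
  return browserExposesResponse(pageOrigin, headerPolicy(pageOrigin));
}

const ALLOWLIST = new Set(['https://mysite.example']);
const noCors = () => ({});
const wildcard = () => ({ 'access-control-allow-origin': '*' });
const allowlisted = (origin) => corsHeadersFor(origin, ALLOWLIST);

const leads = [];
const results = {
  noHeader: simulatePost('https://mysite.example', noCors, leads),
  wildcardOther: simulatePost('https://other.example', wildcard, leads),
  allowlistOther: simulatePost('https://other.example', allowlisted, leads),
  allowlistMine: simulatePost('https://mysite.example', allowlisted, leads),
};
console.log(results, 'posts stored by server:', leads.length);
```

With the wildcard, script on any origin can read the response; with the allowlist, only the listed origin can, and in every case the server has already accepted the post.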