A redirected AJAX call is being rejected with a CORS error message, for example:
Access to XMLHttpRequest at 'https://my-domain-2/path' (redirected from'https://my-domain-1/path') from origin 'https://my-website-domain' has beenblocked by CORS policy: Request header field x-newrelic-id is not allowed byAccess-Control-Allow-Headers in preflight response.
To resolve this error, update your code to make the AJAX call to the new URL provided by the redirect. For more information, see the MDN article CORS request external redirect not allowed.
The Browser agent automatically adds custom headers to outgoing same-origin AJAX calls in order to support the Distributed Tracing feature.
When the server that receives the AJAX call responds with a redirect status code (e.g. 302), the browser will automatically make the same AJAX call to the redirected URL. And if this new URL is on a different origin and the call does not pass the CORS preflight, the browser will fail the call with the error message listed above.
If you need more help, check out these support and learning resources:
- Browse the Explorers Hub to get help from the community and join in discussions.
- Find answers on our sites and learn how to use our support portal.
- Run New Relic Diagnostics, our troubleshooting tool for Linux, Windows, and macOS.
- Review New Relic's data security and licenses documentation.