XMLHttpRequest error when viewing PDF invoices

hillel · March 2, 2023, 10:25am

Are there any more details about the error in the network tab of the browser console?

xoo · March 3, 2023, 2:54pm

Ah XSS prevention. Yes, here it goes. (All the blue marks obfuscate the same domain name; so my InvoiceNinja is located at in.<domain> with the client portal at my.<domain>.)

hillel · March 3, 2023, 2:55pm

@david do you have any ideas?

david · March 3, 2023, 9:45pm

I’d need to understand a bit more about what is happening here it looks like a CORS issue

xoo · March 6, 2023, 9:46am

@david

Can I supply any additional info?

xoo · March 14, 2023, 11:12am

@david

Any news on this?

david · March 14, 2023, 11:41am

@xoo

Can you capture the browser console when this happens?

It would be good to see what the actual error you are seeing is.

xoo · March 23, 2023, 3:32pm

@david

Have you looked at the capture from Mar 2? If you need something more, can you be more specific in what you need?

david · March 23, 2023, 9:25pm

@xoo
The domains are blanked out, however here the CORS issues appears to be due to the fact that the system is attempting to reach a different endpoint… Is the CORS trying to access a custom client portal domain?

xoo · March 24, 2023, 12:30pm

@david

The hostnames weren’t completely obfuscated, just the domain part, the host part was deliberately left visible, but anyway:

In .env I have:
APP_URL=https://in.<mydomain>

In Settings → Client Portal I have client portal set to “on”, domain URL set to “https://my.<mydomain>”

So yes, I’m using client portal settings. I just fail to understand why the invoice email sending dialog needs to render the invoice PDF preview using the client portal URL. When editing the invoice, the PDF preview happens via the app portal URL. When a client clicks the $view_button in their invoice email, they should end up in the client portal (and they do), but previewing the PDF in the yet to be sent invoice email should be handled the same as when editing the invoice and should have nothing to do with the client portal. So why does the sending dialog try to access the client portal? If it wouldn’t, there would be no CORS error. Am I confused?

david · March 25, 2023, 1:03am

You shouldn’t be seeing the cors error, it should be possible to retrieve the PDF regardless of the domain, so it sounds like there may be something in your configuration that is throwing the CORS error?

Are you running behind a proxy?

xoo · March 27, 2023, 8:26am

@david

No, there is no proxy.

It started like 4 - 6 month ago. Before that time it was working as supposed. Haven’t really changed config since, especially not the client portal knobs.