Are there any more details about the error in the network tab of the browser console?
Ah XSS prevention. Yes, here it goes. (All the blue marks obfuscate the same domain name; so my InvoiceNinja is located at in.<domain> with the client portal at my.<domain>.)
I’d need to understand a bit more about what is happening here it looks like a CORS issue
Can you capture the browser console when this happens?
It would be good to see what the actual error you are seeing is.
Have you looked at the capture from Mar 2? If you need something more, can you be more specific in what you need?
@xoo
The domains are blanked out, however here the CORS issues appears to be due to the fact that the system is attempting to reach a different endpoint… Is the CORS trying to access a custom client portal domain?
The hostnames weren’t completely obfuscated, just the domain part, the host part was deliberately left visible, but anyway:
In .env I have:
APP_URL=https://in.<mydomain>
In Settings → Client Portal I have client portal set to “on”, domain URL set to “https://my.<mydomain>”
So yes, I’m using client portal settings. I just fail to understand why the invoice email sending dialog needs to render the invoice PDF preview using the client portal URL. When editing the invoice, the PDF preview happens via the app portal URL. When a client clicks the $view_button in their invoice email, they should end up in the client portal (and they do), but previewing the PDF in the yet to be sent invoice email should be handled the same as when editing the invoice and should have nothing to do with the client portal. So why does the sending dialog try to access the client portal? If it wouldn’t, there would be no CORS error. Am I confused?
You shouldn’t be seeing the cors error, it should be possible to retrieve the PDF regardless of the domain, so it sounds like there may be something in your configuration that is throwing the CORS error?
Are you running behind a proxy?
No, there is no proxy.
It started like 4 - 6 month ago. Before that time it was working as supposed. Haven’t really changed config since, especially not the client portal knobs.
I keep on getting an XMLHttpRequest error when I click “View PDF” in the Invoice screen.
I upgraded tot the latest version of Invoice Ninja.
When I get the error and then click “Delivery Note” on and of, the PDF shows up.
Please help
I meanwhile solved the CORS error. In my case it was caused by an overly simplistic domain usage enforcement in /etc/nginx/conf.d/invoiceninja.conf. From original installation I had
server_name in.example.com;
if ($host != $server_name) {
return 301 https://$server_name$request_uri;
}
At some point I added a dedicated name for the client portal
server_name in.example.com my.example.com;
This worked for at least a year, but eventually something must have changed in the way the email sending preview is generated. That’s when the errors started. Amending the redirection to
if ($host !~* '^(in|my)\.example\.com$') {
return 301 https://$server_name$request_uri;
}
fixed the CORS errors.
1 Like
Thanks for your response.
I use apache and I cannot find the file:
/etc/nginx/conf.d/invoiceninja.conf.
But is this a ‘bug’ in invoice ninja 5 because the 4 version is working perfect.
Hey there,
Does anyone has a solution. I used Invoice Ninja 4 for many year and switch to Version 5 some time ago. I like version 5 but I’m having this painfull error. What can I do to solve this issue. Please help.
TIA.