SOLVED

Muchkin Cookie is getting blocked by CORS Policy - How do I fix this?

Go to solution
Highlighted

Muchkin Cookie is getting blocked by CORS Policy - How do I fix this?

Hello, 

I'm moving my munchkin code to Google Tag Manager to create some consistency across my 7 websites. I made the move and I cleared my cache to test it but the _mkto_trk was never assigned. After digging further I found this error:  

pastedImage_1.png

I've been doing a stream of Google searches and the error makes sense. What I can't figure out is what I have to do to my Marketo instance or the Muchkin code in order to not error out. I have no customization on my Munchkin code, yet,  and I'm using the Asynchronous version. 

Since I started troubleshooting I put the Munchkin code directly on my Wordpress website in the header and within my Google Tag Manager container. Here's the link to the site I'm working on - https://www.arvigbusiness.com/ 

Is there a fix it tutorial or can someone outline the steps to fix this? Thanks for all the help I appreciate it! 

Tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Level 10 - Community Moderator

Re: Muchkin Cookie is getting blocked by CORS Policy - How do I fix this?

If you aren't getting the CORS error from an Incognito window in the same profile that gives you the error (in the non-Incog window) then I'd assume it's actually a Chrome extension throwing the error. Extensions don't run in Incognito by default.

View solution in original post

10 REPLIES 10
Highlighted

Re: Muchkin Cookie is getting blocked by CORS Policy - How do I fix this?

I've been doing more digging so I thought I'd share some of what I found. 

1) The munchkin token is being assigned to my main user account and not failing when I'm logged in on Chrome. I can also get assigned a munchkin token (cookie, really not sure the correct term) when I use Firefox. 

2) I get the error when I'm logged into a secondary account on Chrome. 

3) One of the main reasons I'm using Google Tag Manager to deploy my tags is because I have many websites on different platforms. One of my non-wordpress based sites, arvig.net,  is blocking the Munchkin code and Google Tag Manager and I have no idea why.    Here's that error: 

pastedImage_2.png

Other random info:  I've set up my Google Analytics account with cross domain tracking, and am utilizing the Muchkin ID as my user ID in Google Analytics. I'm planning on adding something to my munchkin code or form embed code to be able to track the Munchkin ID back to my Marketo database so I can send that same ID number to my CRM - SugarCRM. I'm doing all of this with the hopes of pushing this data to a tool like Google Data Studio so I can create an end-to-end report to know what web pages, digital sources, ad campaigns are producing the best leads that help grow our revenue. (I know we are really behind on this!). My biggest concern right now is that without getting this Munchkin code to get assigned more consistently I'm going to get inaccurate data. 

Any ideas on how to solve for the Munchkin cookie getting assigned more consistently is really appreciated! 

Highlighted
Level 10 - Community Moderator

Re: Muchkin Cookie is getting blocked by CORS Policy - How do I fix this?

First: you're mixing up CORS, cookies, and CSP -- these are all markedly different areas, so it's important to target one at a time or communication will quickly break down.

Let me start with the last sub-question:

One of my non-wordpress based sites, arvig.net,  is blocking the Munchkin code and Google Tag Manager and I have no idea why.    Here's that error: pastedImage_2.png

The reason is pretty explicit in the error message. You're sending the CSP header...

HTTP/1.1 200 OK
Date: Thu, 23 Jan 2020 17:09:12 GMT
Server: Apache
Cache-Control: no-cache, private
Content-Security-Policy: default-src 'none'; base-uri 'none'; connect-src 'self' https://*.olark.com https://*.hotjar.com; font-src 'self' https://fonts.gstatic.com; form-action 'self' https://*.marke
to.com https://*.jotform.com https://*.jotformpro.com https://*.arvig.com https://*.arvig.net; frame-ancestors 'none'; frame-src 'self' https://*.jotform.com https://*.jotformpro.com https://*.marketo
.com https://*.youtube.com https://youtu.be https://*.arvig.com https://*.arvig.net https://*.olark.com https://*.google.com httsp://*.hotjar.com https://*.hotjar.com https://*.paymentus.com; img-src
'self' https://*.youtube.com https://*.olark.com https://www.google-analytics.com; manifest-src 'none'; media-src https://*.olark.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval
' https://*.marketo.com https://*.olark.com https://www.googletagmanager.com https://*.hotjar.com https://*.pointillist.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://f
onts.googleapis.com https://*.marketo.com https://*.olark.com https://*.hotjar.com https://www.google-analytics.com; worker-src 'none'
X-Content-Type-Options: nosniff
X-Download-Options: noopen‍‍‍‍‍‍‍‍‍‍‍‍

... but you haven't included a domain that matches munchkin.marketo.net.

When deploying optional security measures like CSP, you need to have full control of the technology stack (in other words, someone else cannot deploy CSP correctly on your behalf).

Highlighted

Re: Muchkin Cookie is getting blocked by CORS Policy - How do I fix this?

Thanks Sanford Whiteman‌! 

I'm thinking I can send this error to my web developer and I'll hope that they understand this error well enough to fix it. I will wait for that fix to be implemented before doing anymore troubleshooting on that website. 

What about the arvigbusiness.com site? I get the assigned the cookie sometimes, but not always. Is there something I can do to make this cookie assignment be more consistent? 

Highlighted
Level 10 - Community Moderator

Re: Muchkin Cookie is getting blocked by CORS Policy - How do I fix this?

What is the exact browser version you are using?

The cookie assignment is not related to CORS. That CORS error is happening when the tracking pixel loads, which is after the cookie is set.

Highlighted

Re: Muchkin Cookie is getting blocked by CORS Policy - How do I fix this?

Thank you for educating me. I'm learning all this stuff on the fly and haven't found a good article to break all of this down well enough so that I really understand it. I am using Google Chrome - Version 79.0.3945.130 (Official Build) (64-bit). I have 2 profiles set on this web browser. I get the error on my secondary account, but don't get the CORS error on my primary account. 

Did that answer your question?

Highlighted
Level 10 - Community Moderator

Re: Muchkin Cookie is getting blocked by CORS Policy - How do I fix this?

In an Incognito window in both cases?

Highlighted

Re: Muchkin Cookie is getting blocked by CORS Policy - How do I fix this?

No errors listed in Incognito mode. Just while logged into Chrome with my secondary account. If this error isn't stopping the Marketo Cookie from being assigned my using the id as the user ID shouldn't be affected - right? What does this error affect? I was thinking it was blocking the cookie from getting saved which doesn't appear to be the case. 

There's way to much to learn! Thanks for helping. Slowly but surely I'm understanding more and more. 

Highlighted
Level 10 - Community Moderator

Re: Muchkin Cookie is getting blocked by CORS Policy - How do I fix this?

If you aren't getting the CORS error from an Incognito window in the same profile that gives you the error (in the non-Incog window) then I'd assume it's actually a Chrome extension throwing the error. Extensions don't run in Incognito by default.

View solution in original post

Highlighted

Re: Muchkin Cookie is getting blocked by CORS Policy - How do I fix this?

Interesting, so I really don't have a real problem. Since this is my secondary account I don't have too many extensions on it and actually removed all but Google Tag Assistant. I'm still getting the errors. Next up was updating the Google Chrome sync status as that was turned to off so I turned it on. That didn't seem to affect the errors either. Then I turned off Google Tag Assistant and the errors went away, so that's the problem extension. I do have Google Tag Assistant on my other account so that's curious, but I least I better understand why it was inconsistent.

Thank you for the assistance. I appreciate it. If you have a moment would you mind explaining what the error actually does if it doesn't stop the cookie from getting stored on a browser?