SOLVED

Re: Muchkin Cookie is getting blocked by CORS Policy - How do I fix this?

Go to solution
SanfordWhiteman
Level 10 - Community Moderator

Re: Muchkin Cookie is getting blocked by CORS Policy - How do I fix this?

If you have a moment would you mind explaining what the error actually does if it doesn't stop the cookie from getting stored on a browser? 

A Munchkin-logged activity requires at minimum 3 network requests:

  1. The Munchkin bootstrapper JS - a tiny script that manages Munchkin versions and sets up an event stack.
  2. The Munchkin core JS - the bulkier library that sets up the actual event listeners on the page, and sends requests for the tracking pixel.
  3. The tracking GIF - by default, the pixel is loaded w/Visit Web Page parameters as soon as script #2 above is loaded.

#1 and #2 load from munchkin.marketo.net, #3 from a subdomain of mktoresp.com.

The tracking cookie is created on the client side by #2 (it has to be, as it must exist before the activity is logged).

The pixel is loaded via XHR (Ajax) in late-model browsers. Those browsers check after the pixel request has been sent and received -- known as a non-preflighted request -- to see if the remote origin (mktoresp.com in this case) has indicated that the response (the GIF) is permitted to be read by the requester.  It uses the Access-Control-Allow-Origin header from the response to determine this permission. Your extension is tampering with the A-C-A-O header.