Trouble with cross-domain API calls
Options
Hi all,
I'm trying to create an offsite form using 40Nuggets that dumps into Luminate online. I copied this code from a splash page we're using on our main page and it works fine, but now I'm getting this error message:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://secure2.convio.net/comcau/site/CRConsAPI?luminateExtend=1.7.1&api_key=COMCAU_API_KEY&method=getLoginUrl&response_format=json&v=1.0. (Reason: CORS header 'Access-Control-Allow-Origin' missing).
Here's the code in question. Any idea how I could fix this? I've heard from BB support that Noah Cooper might be able to help out.
(function($) {
var cb_surveyForm = $('.cb-lo-survey')
, cb_step1 = $('.cb-step1')
, cb_step2 = $('.cb-step2');
$.fn.displayErrorMessage = function(message) {
$(this).removeErrorMessage().prepend('<div class="cb-errors"><div>' +
(message === undefined ? '<b>Please make sure you have provided a valid value for highlighted fields.</b>' : message) +
'</div></div>');
return this;
};
$.fn.removeErrorMessage = function() {
$(this).find('.cb-errors').remove();
return this;
};
$.fn.submitLoading = function() {
$(this).bind('submit', function() {
$(this).before('<div class="cb-loading">Please wait ...</div>').hide();
});
return this;
};
$.fn.bindLuminateForm = function(options) {
var settings = $.extend({
onBeforeLuminateExtendSubmit: $.noop,
customFormValidation: function() {
return [];
}
}, options || {});
$(this).unbind('submit').bind('submit', function(e) {
var hasErrors = false, errMessages = [];
$(this).find('.required').each(function() {
var fieldName = $(this).attr('name');
$(this).removeClass('error');
$('label[for="' + fieldName + '"]').removeClass('error');
if ($(this).attr('type') === 'radio') {
if (!$('input[name="' + fieldName + '"]:checked').val()) {
$('label[for="' + fieldName + '"]').addClass('error');
hasErrors = true;
}
} else {
var fieldValue = $.trim($(this).val());
if (fieldValue === '') {
$(this).addClass('error');
hasErrors = true;
}
}
});
var customValidationErrors = luminateExtend.utils.ensureArray(settings.customFormValidation());
if (customValidationErrors.length > 0) {
hasErrors = true;
errMessages.push(customValidationErrors);
}
if (hasErrors) {
var errorsList = $('<ul></ul>');
if (errMessages.length > 0) {
if (errMessages.length > 1) {
for (var i = 0; i < errMessages.length; i++) {
errorsList.append($('<li class="text-danger">' + errMessages[i] + '</li>'));
}
} else {
errorsList.append($('<li class="text-danger">' + errMessages[0] + '</li>'));
}
}
$(this).displayErrorMessage().find('.cb-errors').append($('<p></p>').append(errorsList).html());
} else {
settings.onBeforeLuminateExtendSubmit();
$(this).unbind('submit').submitLoading();
luminateExtend.api.bind();
$(this).submit();
}
e.preventDefault();
});
return this;
};
window.surveyCallback = {
error: function(data) {
cb_surveyForm.displayErrorMessage(data.errorResponse.message);
cb_step1.find('.cb-loading').remove();
cb_surveyForm.show();
},
success: function(data) {
cb_surveyForm.removeErrorMessage().find('.cb-loading').remove();
cb_step1.find('.cb-loading').remove();
if (data.submitSurveyResponse.success == 'false') {
cb_surveyForm.displayErrorMessage('');
var surveyErrors = luminateExtend.utils.ensureArray(data.submitSurveyResponse.errors);
$.each(surveyErrors, function() {
if (this.errorField) {
$('input[name="' + this.errorField + '"]').addClass('error');
cb_surveyForm.find('.cb-errors').append('<div>' + this.errorMessage + '</div>');
}
});
cb_surveyForm.show();
}
else {
try {
setCookie("subscribed", "true", 365);
} catch (err) {
}
cb_surveyForm.unbind('submit');
cb_step1.hide();
cb_step2.show();
// Google Analytic
addGoogleAnalyticsEvent('survey: ' + cb_surveyForm.find('input[name="survey_id"]').val(), window.location.href);
}
}
};
function addGoogleAnalyticsEvent(action, label) {
if (typeof (dataLayer) === "object") {
dataLayer.push({'event': '40Nuggets', 'fnAction': action, 'fnLabel': label});
}
if (typeof (ga) === "function") {
ga('send', 'event', '40nuggets', action, label);
} else if (typeof (_gaq) === "object") {
_gaq.push(['_trackEvent', '40nuggets', action, label]);
}
}
function cb_init() {
luminateExtend({
apiKey: 'COMCAU_API_KEY',
path: {
nonsecure: 'http://act.commoncause.org/site/',
secure: 'https://secure2.convio.net/comcau/site/'
}
});
cb_surveyForm.attr('action', luminateExtend.global.path.secure + 'CRSurveyAPI').bindLuminateForm();
$('input[name="cons_email"]').bind("keyup blur", function() {
$('.cb-fn-email').val($(this).val());
});
}
if (typeof luminateExtend == 'undefined') {
$.getScript('//cdnjs.cloudflare.com/ajax/libs/luminateExtend/1.7.1/luminateExtend.min.js', function() {
cb_init();
});
} else {
cb_init();
}
})(jQuery);
I'm trying to create an offsite form using 40Nuggets that dumps into Luminate online. I copied this code from a splash page we're using on our main page and it works fine, but now I'm getting this error message:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://secure2.convio.net/comcau/site/CRConsAPI?luminateExtend=1.7.1&api_key=COMCAU_API_KEY&method=getLoginUrl&response_format=json&v=1.0. (Reason: CORS header 'Access-Control-Allow-Origin' missing).
Here's the code in question. Any idea how I could fix this? I've heard from BB support that Noah Cooper might be able to help out.
(function($) {
var cb_surveyForm = $('.cb-lo-survey')
, cb_step1 = $('.cb-step1')
, cb_step2 = $('.cb-step2');
$.fn.displayErrorMessage = function(message) {
$(this).removeErrorMessage().prepend('<div class="cb-errors"><div>' +
(message === undefined ? '<b>Please make sure you have provided a valid value for highlighted fields.</b>' : message) +
'</div></div>');
return this;
};
$.fn.removeErrorMessage = function() {
$(this).find('.cb-errors').remove();
return this;
};
$.fn.submitLoading = function() {
$(this).bind('submit', function() {
$(this).before('<div class="cb-loading">Please wait ...</div>').hide();
});
return this;
};
$.fn.bindLuminateForm = function(options) {
var settings = $.extend({
onBeforeLuminateExtendSubmit: $.noop,
customFormValidation: function() {
return [];
}
}, options || {});
$(this).unbind('submit').bind('submit', function(e) {
var hasErrors = false, errMessages = [];
$(this).find('.required').each(function() {
var fieldName = $(this).attr('name');
$(this).removeClass('error');
$('label[for="' + fieldName + '"]').removeClass('error');
if ($(this).attr('type') === 'radio') {
if (!$('input[name="' + fieldName + '"]:checked').val()) {
$('label[for="' + fieldName + '"]').addClass('error');
hasErrors = true;
}
} else {
var fieldValue = $.trim($(this).val());
if (fieldValue === '') {
$(this).addClass('error');
hasErrors = true;
}
}
});
var customValidationErrors = luminateExtend.utils.ensureArray(settings.customFormValidation());
if (customValidationErrors.length > 0) {
hasErrors = true;
errMessages.push(customValidationErrors);
}
if (hasErrors) {
var errorsList = $('<ul></ul>');
if (errMessages.length > 0) {
if (errMessages.length > 1) {
for (var i = 0; i < errMessages.length; i++) {
errorsList.append($('<li class="text-danger">' + errMessages[i] + '</li>'));
}
} else {
errorsList.append($('<li class="text-danger">' + errMessages[0] + '</li>'));
}
}
$(this).displayErrorMessage().find('.cb-errors').append($('<p></p>').append(errorsList).html());
} else {
settings.onBeforeLuminateExtendSubmit();
$(this).unbind('submit').submitLoading();
luminateExtend.api.bind();
$(this).submit();
}
e.preventDefault();
});
return this;
};
window.surveyCallback = {
error: function(data) {
cb_surveyForm.displayErrorMessage(data.errorResponse.message);
cb_step1.find('.cb-loading').remove();
cb_surveyForm.show();
},
success: function(data) {
cb_surveyForm.removeErrorMessage().find('.cb-loading').remove();
cb_step1.find('.cb-loading').remove();
if (data.submitSurveyResponse.success == 'false') {
cb_surveyForm.displayErrorMessage('');
var surveyErrors = luminateExtend.utils.ensureArray(data.submitSurveyResponse.errors);
$.each(surveyErrors, function() {
if (this.errorField) {
$('input[name="' + this.errorField + '"]').addClass('error');
cb_surveyForm.find('.cb-errors').append('<div>' + this.errorMessage + '</div>');
}
});
cb_surveyForm.show();
}
else {
try {
setCookie("subscribed", "true", 365);
} catch (err) {
}
cb_surveyForm.unbind('submit');
cb_step1.hide();
cb_step2.show();
// Google Analytic
addGoogleAnalyticsEvent('survey: ' + cb_surveyForm.find('input[name="survey_id"]').val(), window.location.href);
}
}
};
function addGoogleAnalyticsEvent(action, label) {
if (typeof (dataLayer) === "object") {
dataLayer.push({'event': '40Nuggets', 'fnAction': action, 'fnLabel': label});
}
if (typeof (ga) === "function") {
ga('send', 'event', '40nuggets', action, label);
} else if (typeof (_gaq) === "object") {
_gaq.push(['_trackEvent', '40nuggets', action, label]);
}
}
function cb_init() {
luminateExtend({
apiKey: 'COMCAU_API_KEY',
path: {
nonsecure: 'http://act.commoncause.org/site/',
secure: 'https://secure2.convio.net/comcau/site/'
}
});
cb_surveyForm.attr('action', luminateExtend.global.path.secure + 'CRSurveyAPI').bindLuminateForm();
$('input[name="cons_email"]').bind("keyup blur", function() {
$('.cb-fn-email').val($(this).val());
});
}
if (typeof luminateExtend == 'undefined') {
$.getScript('//cdnjs.cloudflare.com/ajax/libs/luminateExtend/1.7.1/luminateExtend.min.js', function() {
cb_init();
});
} else {
cb_init();
}
})(jQuery);
Tagged:
0
Comments
-
That error message indicates that you've not whitelisted the domain you're making the API call from. See https://github.com/noahcooper/luminateExtend:
For security reasons, the API and this library limit requests to a list of domains whitelisted by your organization. If you haven't already done so, go to Setup -> Site Options -> Open API Configuration, and click "Edit Javascript/Flash configuration". For the purposes of using this library, the only options you need to worry about on this page are 1. Allow JavaScript/Flash API from these domains and 2. Trust JavaScript/Flash API from these domains. Add any domains where you will use this library to these lists. As noted on the page, you can use an asterisk as a wildcard if your website has multiple subdomains, e.g. "*.myorganization.com"
0 -
Wow, I feel silly. I added it to the whitelist before I reached out to BB support, but mispelled my own domain name. Thanks for the quick response and help, Noah!0
Categories
- All Categories
- Shannon parent
- shannon 2
- shannon 1
- 21 Advocacy DC Users Group
- 14 BBCRM PAG Discussions
- 89 High Education Program Advisory Group (HE PAG)
- 28 Luminate CRM DC Users Group
- 8 DC Luminate CRM Users Group
- Luminate PAG
- 5.9K Blackbaud Altru®
- 58 Blackbaud Award Management™ and Blackbaud Stewardship Management™
- 409 bbcon®
- 2.1K Blackbaud CRM™ and Blackbaud Internet Solutions™
- donorCentrics®
- 1.1K Blackbaud eTapestry®
- 2.8K Blackbaud Financial Edge NXT®
- 1.1K Blackbaud Grantmaking™
- 527 Education Management Solutions for Higher Education
- 1 JustGiving® from Blackbaud®
- 4.6K Education Management Solutions for K-12 Schools
- Blackbaud Luminate Online & Blackbaud TeamRaiser
- 16.4K Blackbaud Raiser's Edge NXT®
- 4.1K SKY Developer
- 547 ResearchPoint™
- 151 Blackbaud Tuition Management™
- 61 everydayhero
- 3 Campaign Ideas
- 58 General Discussion
- 115 Blackbaud ID
- 87 K-12 Blackbaud ID
- 6 Admin Console
- 949 Organizational Best Practices
- 353 The Tap (Just for Fun)
- 235 Blackbaud Community Feedback Forum
- 55 Admissions Event Management EAP
- 18 MobilePay Terminal + BBID Canada EAP
- 36 EAP for New Email Campaigns Experience in Blackbaud Luminate Online®
- 109 EAP for 360 Student Profile in Blackbaud Student Information System
- 41 EAP for Assessment Builder in Blackbaud Learning Management System™
- 9 Technical Preview for SKY API for Blackbaud CRM™ and Blackbaud Altru®
- 55 Community Advisory Group
- 46 Blackbaud Community Ideas
- 26 Blackbaud Community Challenges
- 7 Security Testing Forum
- 3 Blackbaud Staff Discussions
- 1 Blackbaud Partners Discussions
- 1 Blackbaud Giving Search™
- 35 EAP Student Assignment Details and Assignment Center
- 39 EAP Core - Roles and Tasks
- 59 Blackbaud Community All-Stars Discussions
- 20 Blackbaud Raiser's Edge NXT® Online Giving EAP
- Diocesan Blackbaud Raiser’s Edge NXT® User’s Group
- 2 Blackbaud Consultant’s Community
- 43 End of Term Grade Entry EAP
- 92 EAP for Query in Blackbaud Raiser's Edge NXT®
- 38 Standard Reports for Blackbaud Raiser's Edge NXT® EAP
- 12 Payments Assistant for Blackbaud Financial Edge NXT® EAP
- 6 Ask an All Star (Austen Brown)
- 8 Ask an All-Star Alex Wong (Blackbaud Raiser's Edge NXT®)
- 1 Ask an All-Star Alex Wong (Blackbaud Financial Edge NXT®)
- 6 Ask an All-Star (Christine Robertson)
- 21 Ask an Expert (Anthony Gallo)
- Blackbaud Francophone Group
- 22 Ask an Expert (David Springer)
- 4 Raiser's Edge NXT PowerUp Challenge #1 (Query)
- 6 Ask an All-Star Sunshine Reinken Watson and Carlene Johnson
- 4 Raiser's Edge NXT PowerUp Challenge: Events
- 14 Ask an All-Star (Elizabeth Johnson)
- 7 Ask an Expert (Stephen Churchill)
- 2025 ARCHIVED FORUM POSTS
- 322 ARCHIVED | Financial Edge® Tips and Tricks
- 164 ARCHIVED | Raiser's Edge® Blog
- 300 ARCHIVED | Raiser's Edge® Blog
- 441 ARCHIVED | Blackbaud Altru® Tips and Tricks
- 66 ARCHIVED | Blackbaud NetCommunity™ Blog
- 211 ARCHIVED | Blackbaud Target Analytics® Tips and Tricks
- 47 Blackbaud CRM Higher Ed Product Advisory Group (HE PAG)
- Luminate CRM DC Users Group
- 225 ARCHIVED | Blackbaud eTapestry® Tips and Tricks
- 1 Blackbaud eTapestry® Know How Blog
- 19 Blackbaud CRM Product Advisory Group (BBCRM PAG)
- 1 Blackbaud K-12 Education Solutions™ Blog
- 280 ARCHIVED | Mixed Community Announcements
- 3 ARCHIVED | Blackbaud Corporations™ & Blackbaud Foundations™ Hosting Status
- 1 npEngage
- 24 ARCHIVED | K-12 Announcements
- 15 ARCHIVED | FIMS Host*Net Hosting Status
- 23 ARCHIVED | Blackbaud Outcomes & Online Applications (IGAM) Hosting Status
- 22 ARCHIVED | Blackbaud DonorCentral Hosting Status
- 14 ARCHIVED | Blackbaud Grantmaking™ UK Hosting Status
- 117 ARCHIVED | Blackbaud CRM™ and Blackbaud Internet Solutions™ Announcements
- 50 Blackbaud NetCommunity™ Blog
- 169 ARCHIVED | Blackbaud Grantmaking™ Tips and Tricks
- Advocacy DC Users Group
- 718 Community News
- Blackbaud Altru® Hosting Status
- 104 ARCHIVED | Member Spotlight
- 145 ARCHIVED | Hosting Blog
- 149 JustGiving® from Blackbaud® Blog
- 97 ARCHIVED | bbcon® Blogs
- 19 ARCHIVED | Blackbaud Luminate CRM™ Announcements
- 161 Luminate Advocacy News
- 187 Organizational Best Practices Blog
- 67 everydayhero Blog
- 52 Blackbaud SKY® Reporting Announcements
- 17 ARCHIVED | Blackbaud SKY® Reporting for K-12 Announcements
- 3 Luminate Online Product Advisory Group (LO PAG)
- 81 ARCHIVED | JustGiving® from Blackbaud® Tips and Tricks
- 1 ARCHIVED | K-12 Conference Blog
- Blackbaud Church Management™ Announcements
- ARCHIVED | Blackbaud Award Management™ and Blackbaud Stewardship Management™ Announcements
- 1 Blackbaud Peer-to-Peer Fundraising™, Powered by JustGiving® Blogs
- 39 Tips, Tricks, and Timesavers!
- 56 Blackbaud Church Management™ Resources
- 154 Blackbaud Church Management™ Announcements
- 1 ARCHIVED | Blackbaud Church Management™ Tips and Tricks
- 11 ARCHIVED | Blackbaud Higher Education Solutions™ Announcements
- 7 ARCHIVED | Blackbaud Guided Fundraising™ Blog
- 2 Blackbaud Fundraiser Performance Management™ Blog
- 9 Foundations Events and Content
- 14 ARCHIVED | Blog Posts
- 2 ARCHIVED | Blackbaud FIMS™ Announcement and Tips
- 59 Blackbaud Partner Announcements
- 10 ARCHIVED | Blackbaud Impact Edge™ EAP Blogs
- 1 Community Help Blogs
- Diocesan Blackbaud Raiser’s Edge NXT® Users' Group
- Blackbaud Consultant’s Community
- Blackbaud Francophone Group
- 1 BLOG ARCHIVE CATEGORY
- Blackbaud Community™ Discussions
- 8.3K Blackbaud Luminate Online® & Blackbaud TeamRaiser® Discussions
- 5.7K Jobs Board