Muchkin Cookie is getting blocked by CORS Policy - How do I fix this? | Community
Skip to main content
K
Katie_Delvalle
New Participant
January 23, 2020
Solved

Muchkin Cookie is getting blocked by CORS Policy - How do I fix this?

  • January 23, 2020
  • 3 replies
  • 7923 views

Hello, 

I'm moving my munchkin code to Google Tag Manager to create some consistency across my 7 websites. I made the move and I cleared my cache to test it but the _mkto_trk was never assigned. After digging further I found this error:  

I've been doing a stream of Google searches and the error makes sense. What I can't figure out is what I have to do to my Marketo instance or the Muchkin code in order to not error out. I have no customization on my Munchkin code, yet,  and I'm using the Asynchronous version. 

Since I started troubleshooting I put the Munchkin code directly on my Wordpress website in the header and within my Google Tag Manager container. Here's the link to the site I'm working on - https://www.arvigbusiness.com/ 

Is there a fix it tutorial or can someone outline the steps to fix this? Thanks for all the help I appreciate it! 

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by SanfordWhiteman

No errors listed in Incognito mode. Just while logged into Chrome with my secondary account. If this error isn't stopping the Marketo Cookie from being assigned my using the id as the user ID shouldn't be affected - right? What does this error affect? I was thinking it was blocking the cookie from getting saved which doesn't appear to be the case. 

There's way to much to learn! Thanks for helping. Slowly but surely I'm understanding more and more. 


If you aren't getting the CORS error from an Incognito window in the same profile that gives you the error (in the non-Incog window) then I'd assume it's actually a Chrome extension throwing the error. Extensions don't run in Incognito by default.

3 replies

K
Katie_DelvalleAuthor
New Participant
January 23, 2020

Thanks @Sanford Whiteman‌! 

I'm thinking I can send this error to my web developer and I'll hope that they understand this error well enough to fix it. I will wait for that fix to be implemented before doing anymore troubleshooting on that website. 

What about the arvigbusiness.com site? I get the assigned the cookie sometimes, but not always. Is there something I can do to make this cookie assignment be more consistent? 

SanfordWhiteman
SanfordWhiteman
New Participant
January 23, 2020

What is the exact browser version you are using?

The cookie assignment is not related to CORS. That CORS error is happening when the tracking pixel loads, which is after the cookie is set.

K
Katie_DelvalleAuthor
New Participant
January 23, 2020

Thank you for educating me. I'm learning all this stuff on the fly and haven't found a good article to break all of this down well enough so that I really understand it. I am using Google Chrome - Version 79.0.3945.130 (Official Build) (64-bit). I have 2 profiles set on this web browser. I get the error on my secondary account, but don't get the CORS error on my primary account. 

Did that answer your question?

SanfordWhiteman
SanfordWhiteman
New Participant
January 23, 2020

First: you're mixing up CORS, cookies, and CSP -- these are all markedly different areas, so it's important to target one at a time or communication will quickly break down.

Let me start with the last sub-question:

One of my non-wordpress based sites, arvig.net,  is blocking the Munchkin code and Google Tag Manager and I have no idea why.    Here's that error: 

The reason is pretty explicit in the error message. You're sending the CSP header...

HTTP/1.1 200 OK
Date: Thu, 23 Jan 2020 17:09:12 GMT
Server: Apache
Cache-Control: no-cache, private
Content-Security-Policy: default-src 'none'; base-uri 'none'; connect-src 'self' https://*.olark.com https://*.hotjar.com; font-src 'self' https://fonts.gstatic.com; form-action 'self' https://*.marke
to.com https://*.jotform.com https://*.jotformpro.com https://*.arvig.com https://*.arvig.net; frame-ancestors 'none'; frame-src 'self' https://*.jotform.com https://*.jotformpro.com https://*.marketo
.com https://*.youtube.com https://youtu.be https://*.arvig.com https://*.arvig.net https://*.olark.com https://*.google.com httsp://*.hotjar.com https://*.hotjar.com https://*.paymentus.com; img-src
'self' https://*.youtube.com https://*.olark.com https://www.google-analytics.com; manifest-src 'none'; media-src https://*.olark.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval
' https://*.marketo.com https://*.olark.com https://www.googletagmanager.com https://*.hotjar.com https://*.pointillist.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://f
onts.googleapis.com https://*.marketo.com https://*.olark.com https://*.hotjar.com https://www.google-analytics.com; worker-src 'none'
X-Content-Type-Options: nosniff
X-Download-Options: noopen‍‍‍‍‍‍‍‍‍‍‍‍

... but you haven't included a domain that matches munchkin.marketo.net.

When deploying optional security measures like CSP, you need to have full control of the technology stack (in other words, someone else cannot deploy CSP correctly on your behalf).

K
Katie_DelvalleAuthor
New Participant
January 23, 2020

I've been doing more digging so I thought I'd share some of what I found. 

1) The munchkin token is being assigned to my main user account and not failing when I'm logged in on Chrome. I can also get assigned a munchkin token (cookie, really not sure the correct term) when I use Firefox. 

2) I get the error when I'm logged into a secondary account on Chrome. 

3) One of the main reasons I'm using Google Tag Manager to deploy my tags is because I have many websites on different platforms. One of my non-wordpress based sites, arvig.net,  is blocking the Munchkin code and Google Tag Manager and I have no idea why.    Here's that error: 

Other random info:  I've set up my Google Analytics account with cross domain tracking, and am utilizing the Muchkin ID as my user ID in Google Analytics. I'm planning on adding something to my munchkin code or form embed code to be able to track the Munchkin ID back to my Marketo database so I can send that same ID number to my CRM - SugarCRM. I'm doing all of this with the hopes of pushing this data to a tool like Google Data Studio so I can create an end-to-end report to know what web pages, digital sources, ad campaigns are producing the best leads that help grow our revenue. (I know we are really behind on this!). My biggest concern right now is that without getting this Munchkin code to get assigned more consistently I'm going to get inaccurate data. 

Any ideas on how to solve for the Munchkin cookie getting assigned more consistently is really appreciated! 

Terms & ConditionsAccessibility statement

Loading footer...