Recently we enhanced our security headers and started facing ‘error in processing request’ in ajax calls.
Error text: NetworkError: Failed to execute ‘send’ on ‘XMLHttpRequest’: Failed to load ‘http://masked.url/ajax.php’. (rejected) It seems that the connection to the server has been lost. Please check your network connectivity and server status.
After troubleshooting, we found that there was an issue with the ajax calls that were rejected because we were recently added a set of Feature-Policy in which sync-xhr was set to none as shown below and it was blocking ajax calls in the server.
Here is our initial Feature-Policy in the NGINX configuration file.
add_header Feature-Policy "accelerometer none; ambient-light-sensor none; autoplay none; camera none; encrypted-media none; fullscreen none; geolocation none; gyroscope none; magnetometer none; microphone none; midi none; payment none; speaker none; usb none; notifications none; sync-xhr none; vibrate none; push none; vr none;";
Sync-xhr controls whether the current document is allowed to make synchronous XMLHttpRequest requests.
Removing it fixes the issue. Just edit the config file and reload or restart the web server once.
Leave a Reply