
Marketing Cloud Personalization | CORS Errors: Causes and Resolutions

Publish Date: Apr 17, 2026
Description

When implementing Marketing Cloud Personalization on a website, you may see CORS (Cross-Origin Resource Sharing) errors in the browser console. This issue is most commonly caused by improper loading of the Salesforce Interactions SDK, or by malformed event data sent via the Sitemap.

Resolution
CORS errors in this context primarily fall into two categories:
  • SDK Loading: The browser blocks access to the SDK file (evergage.min.js) when it is actively fetched via script from the CDN.

  • Event Dispatch (API requests): The SDK loads successfully, but the browser rejects the response from a specific API call.

The causes and resolutions for each are described below.

1. CORS Error During SDK Loading

When the SDK file (evergage.min.js) is fetched directly from Personalization's CDN using JavaScript's fetch() API or XMLHttpRequest, the browser blocks the reading of the response.
  • Cause: Personalization's CDN server is not designed to handle fetch-style cross-origin requests for script files. As a result, it does not return the required CORS response headers (such as Access-Control-Allow-Origin), causing the browser to reject the response.

  • Resolution: As a general rule, load the SDK using a standard <script> tag. If you need to insert it dynamically, use document.createElement('script'), set the src attribute to the SDK URL, and append it to the DOM. This approach uses the browser's script loading mechanism, which is not subject to the same-origin policy restrictions that apply to fetch() and XMLHttpRequest.

  • Special case (service constraints such as CMS): If the constraints of your CMS or other service force you to use fetch() to load external resources, consider setting up a reverse proxy server on your own infrastructure that adds the appropriate CORS headers before forwarding the SDK response to the browser. Note that this is a non-standard configuration and will require implementation and ongoing maintenance by your own engineering team.

2. CORS Error During Event Dispatch (API Requests)

In some cases, the SDK loads successfully, but requests to the Personalization endpoint fail with a CORS error when certain user interactions occur.
  • Cause: In most cases, the root cause is not a network-level issue but rather a malformed Sitemap definition — such as a missing required field or an attribute with an incorrect data type. When the server rejects the request as invalid, its error response does not include CORS allow headers (e.g., Access-Control-Allow-Origin). Because the browser receives a response without these headers, it surfaces the error as a CORS violation, even though the underlying issue is a bad request.

  • Resolution: Open the browser's developer tools, navigate to the Network tab, and select the failing request. Inspect the request payload (which may be confirmed by Base64-decoding the parameters contained in the URL) and update your Sitemap so that the event data meets the requirements on the Personalization side.
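The payload inspection described above can be scripted. The following is an added example, not Salesforce code: it Base64-decodes every query parameter of a failing request URL copied from the Network tab and checks the decoded JSON against a field list that you supply. The host, the `event` parameter name, and the field names in the sample are constructed placeholders, and the expected-field map is an assumption you replace with your own Sitemap's requirements.

```javascript
// Added troubleshooting helper, not Salesforce code. Uses only globals available
// in a browser console and in Node 18+ (URL, atob, btoa, TextDecoder).

// Decode standard or URL-safe Base64 to UTF-8 text; null if the value is not Base64.
function decodeBase64Utf8(value) {
  // URLSearchParams turns an unescaped '+' into a space, so map spaces back.
  const b64 = value.replace(/[- ]/g, '+').replace(/_/g, '/').replace(/=+$/, '');
  if (b64 === '' || /[^A-Za-z0-9+/]/.test(b64) || b64.length % 4 === 1) return null;
  try {
    const binary = atob(b64 + '='.repeat((4 - (b64.length % 4)) % 4));
    const bytes = Uint8Array.from(binary, (ch) => ch.charCodeAt(0));
    return new TextDecoder('utf-8', { fatal: true }).decode(bytes);
  } catch {
    return null; // not valid Base64, or not valid UTF-8
  }
}

// Return { paramName: object } for every query parameter holding Base64-encoded JSON.
function decodeRequestPayloads(requestUrl) {
  const found = {};
  for (const [name, value] of new URL(requestUrl).searchParams) {
    const text = decodeBase64Utf8(value);
    if (text === null) continue;
    try {
      const parsed = JSON.parse(text);
      if (parsed !== null && typeof parsed === 'object') found[name] = parsed;
    } catch { /* Base64 text that is not JSON: skip */ }
  }
  return found;
}

// List fields that are missing or have the wrong typeof. `expected` maps dotted
// paths to typeof names and must come from your own Sitemap's requirements.
function findFieldProblems(payload, expected) {
  const problems = [];
  for (const [path, type] of Object.entries(expected)) {
    const value = path.split('.').reduce((node, key) => (node == null ? undefined : node[key]), payload);
    if (value === undefined) problems.push(`${path}: missing`);
    else if (typeof value !== type) problems.push(`${path}: expected ${type}, got ${typeof value}`);
  }
  return problems;
}

// Constructed sample: host, "event" parameter and field names are placeholders.
const samplePayload = { action: 'View Item', item: { price: '19.99' } };
const sampleUrl = 'https://personalization.example.invalid/collect?event=' +
  encodeURIComponent(btoa(JSON.stringify(samplePayload))) + '&page=2';
const decoded = decodeRequestPayloads(sampleUrl);
console.log(decoded, findFieldProblems(decoded.event, { action: 'string', 'item.price': 'number', 'user.id': 'string' }));
```

Decoded payloads can contain user identifiers, so redact them before attaching the output to a support case.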

 --

If the Issue Persists (Contacting Support)

If the above steps do not resolve the issue, please contact Salesforce Support with the following information:

  • For all cases: The URL of the page where the error occurs, and a screenshot of the browser console log.

  • For event dispatch errors: The full Request Payload (JSON) of the failing request, as captured in the browser's Network tab.

Knowledge Article Number

005317996

 