Ackee requires correct CORS headers. ackee-tracker (the script that sends data from your sites to Ackee) won't be able to contact your server when the CORS headers aren't available or when they are configured incorrectly.
When a site wants to send data to a different domain it needs the permissions to do so. Browsers use an OPTIONS request (preflight request) that checks to see if the CORS protocol is understood.
Access-Control-Allow-Origin: https://example.com
Access-Control-Allow-Methods: GET, POST, PATCH, OPTIONS
Access-Control-Allow-Headers: Content-Type
Your server needs to allow requests from your sites (recommended) or from all sites (easier to implement, but insecure).
Access-Control-Allow-Origin: https://example.com
Access-Control-Allow-Origin: *
The Access-Control-Allow-Origin header only allows one domain or a wildcard (*). Take a look at our advanced configuration if you want to allow requests from multiple domains without using the insecure wildcard.
ackee-tracker needs the permission to send GET, POST, PATCH and OPTIONS requests to the server.
Access-Control-Allow-Methods: GET, POST, PATCH, OPTIONS
The Access-Control-Allow-Headers header is used in response to a preflight request to indicate which HTTP headers can be used when making the actual request.
Access-Control-Allow-Headers: Content-Type
If you are running Ackee on a platform which handles SSL for you, you may want a quick solution for setting CORS headers instead of using a reverse proxy.
As an environment variable, you will need to just set:
ACKEE_ALLOW_ORIGIN="https://example.com"The proper header value for Access-Control-Allow-Origin will be set with the other headers being the recommended values.