After Wrap an internet mobile application, we can see several times:
"access to XMLHttpRequest at 'https://www.google-analytics.com/j/collect?v=1&dl=http%3A%2F%2Fstaticx%2Fpages%2FSplashCache.html%3FisApp%33Dtrue&ul=es-us has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controleed by the withCredentials attribute"
CORS preflight requests are triggered due to our SDK adding custom APM headers to every XMLHttpRequests.
Release : 20.2
Component : APP EXPERIENCE ANALYTICS ENGINE
Add a CORS ignore url list, to our interceptor file and avoid injecting APM headers to requests to those urls. We can add analytics URL to the ignore list.
Long term solution (potential) :
We do not add headers when the credential more of XmlHttpRequest is included. This could mean that, if this is a global setting APM tracking will be disabled completely.
A debug SDK can be provided, please contact https://support.broadcom.com/ and refer to this knowledge article in order to get the fix.