Failed Ajax request or invalid JSON returned (has been blocked by CORS policy). No message in php log files

Describe the issue or problem

I got an error message instead of a list of users after clicking on “users” link. Note that this issue will only be happening with our custom domain names on a multi journals hosting OJS environment


Steps I took leading up to the issue

I’ve listed the steps below for how I access the Users (“users” link) of a journal within the Administration side of our site with the ojsadmin account.


  1. Log in with ojsadmin account
  2. On any public homepage of a journal or our Journal Hosting site, access the Administration page by hovering over the ojsadmin user name in the upper-right hand corner. Select Administration from the 4 options.
  3. Under Site Management, select Hosted Journals
  4. Scroll to the relevant journal – in this case CDM – and click on the blue arrow to open the options
  5. Select Users from the 4 options listed below the journal title.
  6. Once selected a User pop-up will partially appear, but an error message will also pop-up (Failed Ajax request or invalid JSON returned)

! Usually a list of users of the journal would appear.

Let me know if you have any questions about this or would like any help resolving this.

Thank you,

What application are you using?

OJS 3.3.0-8

Additional information

I am almost certain the issue is with CORS policy being violated but I do not know how to fix. I have tried to write .htaccess with configuration “Header set Access-Control-Allow-Origin “*”” but no luck.

Can you please help out.


Chrome console message:

Access to XMLHttpRequest at ‘$$$call$$$/grid/admin/context/context-grid/users?_=1666389963357’ from origin ‘’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Many thanks!


Hi @Dung

This wouldn’t be because you’ve got a custom domain for a journal and you’re loading the Users grid from the administration area, are you? If so, that’s a known bug:


Good Morning @jnugent ,

Thank you for your reply, it helps giving me direction of what to do with this issue. To answer your question:

  1. Yes, we access Users grid of a custom domain from OJS Administration / Hosted Journals as seen below


  1. This error message does not happen, in other word it works on our Dev server where we do not use custom domain (Users grid will load after Ajax call). The Dev env has same code version and same database, as expected it has different configuration for base_url due to not using custom domains. Can you help explaining why it works on none custom domains dev server (we have about 4 custom domains)?

  2. As suggested in the post/link you gave above I tried to resolve CORS error by putting in our Virtual Host apache config section this line: (Header set Access-Control-Allow-Origin “*”) I now got this error message: “The current role does not have access to this operation.”


This error message from my understanding is the same bug that you pointed out here.

  1. If you think it makes sense all what I mentioned here and it is a bug then yes I will have no problem looking forward to upgrade from our current 3.3.0-8 to OJS current 3.3.0-12.

Let me know your thoughts. Thank you again so much!


Hi @dung

I’m pretty sure this bug is not yet fixed in OJS 3.3 so upgrading to will not solve it for you. I can still duplicate the problem in (which is current - you should upgrade anyway, for the security issues fixed there).

There may be other things causing the problem - The users grid in the administration area, when editing a journal, will try to fetch that grid using the custom URL for the journal in question. If you’re not logged into that journal you won’t have a session cookie set and you’ll get a JSON error.


1 Like