Question

Why CORS policy is not working in any browser when its header exist in response?

Posted October 10, 2018 8.7k views
Apache WordPress Ubuntu 16.04

I’ve added Header set Access-Control-Allow-Origin "*" in apache httpd.conf but still i get CORS policy error in console.

Apache httpd.conf:

<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>

Console error:

Redirect from ... to ... has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin ... is therefore not allowed access.

And You can see the response headers in this image.

https://i.stack.imgur.com/XM9Rp.png

My website is a multisite Wordpress. I’ve tested different plugins for this purpose and also .htaccess. Everything including ajax requests from subdomains and vice versa were fine but suddenly this error happened without touching a single code on the server. Is there any solution for this error?

Add a comment
majix
By:
majix
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

1 answer
unixynet October 10, 2018

Can you move the header directive inside your SSL vhost in httpd.conf (or wherever you have the vhost defined:

<VirtualHost IP_ADDRESS:443>

...<snip>...

<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
</VirtualHost>

Make sure that all checks out before you restart Apache:

httpd -t || apachectl -t
Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help