Why is CORS policy not working in any browser when its header exists in the response?

I’ve added Header set Access-Control-Allow-Origin "*" in Apache httpd.conf, but I still get a CORS policy error in the console.

Apache httpd.conf:

<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>

Console error:

Redirect from ... to ... has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin ... is therefore not allowed access.

And you can see the response headers in this image.


My website is a multisite WordPress. I’ve tested different plugins for this purpose and also .htaccess. Everything, including AJAX requests from subdomains and vice versa, was fine, but suddenly this error happened without touching a single line of code on the server. Is there any solution for this error?

1 Answer

Can you move the header directive inside your SSL vhost in httpd.conf (or wherever you have the vhost defined):

<VirtualHost IP_ADDRESS:443>

    <IfModule mod_headers.c>
        Header set Access-Control-Allow-Origin "*"
    </IfModule>

</VirtualHost>

Make sure that all checks out before you restart Apache:

httpd -t || apachectl -t
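
An added example, not part of the original answer: the console error in the question refers to a redirect, so it helps to look at every response in the chain rather than only the final one. This shell function reads the header output of curl -sIL and flags each hop that lacks Access-Control-Allow-Origin; the function names, hostnames and sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example: list every response in a redirect chain and flag the
# ones without Access-Control-Allow-Origin (ACAO).
# Live use (URL and Origin are placeholders):
#   curl -sIL -H "Origin: https://site.example.test" URL | check_acao

check_acao() {
  awk '
    function report() {
      printf "hop=%d status=%s acao=%s\n", hop, status, (acao == "" ? "MISSING" : acao)
      if (acao == "") missing++
    }
    { sub(/\r$/, "") }            # curl prints CRLF line endings
    /^HTTP\// {                   # a status line starts a new hop
      if (hop) report()
      hop++; status = $2; acao = ""
      next
    }
    /^[^:]+:/ {                   # header line: compare the name case-insensitively
      name = tolower($0); sub(/:.*/, "", name)
      value = $0; sub(/^[^:]*:[ \t]*/, "", value)
      if (name == "access-control-allow-origin") acao = value
    }
    END {
      if (hop) report()
      exit (missing > 0 ? 1 : 0)  # non-zero when any hop lacks the header
    }
  '
}

# Constructed sample: a redirect answered without the header, followed by
# the final response that carries it. Hostnames are placeholders.
sample_chain() {
  cat <<'EOF'
HTTP/1.1 301 Moved Permanently
Location: https://sub.example.test/wp-admin/admin-ajax.php

HTTP/1.1 200 OK
access-control-allow-origin: *
Content-Type: application/json

EOF
}

sample_chain | check_acao || echo "at least one hop lacks the header"
```

Run against the real site before and after moving the directive into the SSL vhost, the per-hop lines show which host or port is answering without the header.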
