Home › Forums › BulletProof Security Pro › Access Control Allow Origin
- This topic has 1 reply, 2 voices, and was last updated 4 years, 1 month ago by AITpro Admin.
-
AuthorPosts
-
PetrusParticipant
Hi there
We’ve recently installed Leopard, which allows us to offload all images, css & js to load from a bucket created in google cloud storage. Very cool for saving space and speeding up the site:
https://codecanyon.net/item/leopard-wordpress-offload-media/23728788However now we’re getting errors and not sure how to resolve it.
Tried adding the following to my root access file but it did not work
<FilesMatch "\.(ttf|otf|eot|woff|woff2)$"> <IfModule mod_headers.c> Header set Access-Control-Allow-Origin "*" </IfModule> </FilesMatch>
Errors example:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://twktest1.storage.googleapis.com/cloud/twktest-assets/webfonts/fa-brands-400.woff. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). downloadable font: download failed (font-family: "Font Awesome 5 Brands" style:normal weight:400 stretch:100 src index:2): bad URI or cross-site access not allowed source: https://twktest1.storage.googleapis.com/cloud/twktest-assets/webfonts/fa-brands-400.woff Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://twktest1.storage.googleapis.com/cloud/twktest-assets/webfonts/fa-brands-400.ttf. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). downloadable font: download failed (font-family: "Font Awesome 5 Brands" style:normal weight:400 stretch:100 src index:3): bad URI or cross-site access not allowed source: https://twktest1.storage.googleapis.com/cloud/twktest-assets/webfonts/fa-brands-400.ttf
AITpro AdminKeymasterTry removing the IfModule code as shown below. Some host servers do not read IfModule conditions correctly.
1. Copy the code below into this BPS Root Custom Code text box: 1. CUSTOM CODE TOP PHP/PHP.INI HANDLER/CACHE CODE:
2. Click the save Root Custom Code button.
3. Go to the Security Modes page and click the Root Folder BulletProof Mode Activate button.<FilesMatch "\.(ttf|otf|eot|woff|woff2)$"> Header set Access-Control-Allow-Origin "*" </FilesMatch>
Important!!! You may also need to setup cross-domain support on your remote resource. See these links below.
https://cloud.google.com/storage/docs/cross-origin
https://cloud.google.com/storage/docs/configuring-cors
https://cloud.google.com/storage/docs/xml-api/put-bucket-cors -
AuthorPosts
- You must be logged in to reply to this topic.