Hi, I’ve just redeveloped a site which has two application forms coming in from an external site which needs to load associated javascript from their end. The site was developed on a staging URL and the forms work fine there. I’ve just cloned the site and migrated it to its live server, and the forms are not displaying, with this in the console (redacted by me):
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://xxxxxxxx.xxxxx.com/fieldsets/c/xxxxredactedxxx. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 401.
I contacted the host about it and they added this to the htaccess – Access-Control-Allow-Origin: * – directly above your speed boost custom code (they don’t realise BPS handles the htaccess files). It didn’t help so I removed it.
I searched here and found this, which I’ve added inside the ifModule mod_header.c block, at the bottom, in your speed boost custom code, modified to allow access only from the external site, rather than any site:
<FilesMatch "\.(ttf|otf|eot|woff|woff2)$">
Header set Access-Control-Allow-Origin "https://xxxxxxxx.xxxxx.com"
</FilesMatch>
Also not working. It’s strange because the site is an exact clone of the staging site, which doesn’t have this in the htaccess but displays the forms fine. Any ideas?
.
