Help with Access-Control-Allow-Origin

Home Forums BulletProof Security Free Help with Access-Control-Allow-Origin

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
  • #42259

    Hi, I’ve just redeveloped a site which has two application forms coming in from an external site which needs to load associated javascript from their end. The site was developed on a staging URL and the forms work fine there. I’ve just cloned the site and migrated it to its live server, and the forms are not displaying, with this in the console (redacted by me):

    Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 401.

    I contacted the host about it and they added this to the htaccess – Access-Control-Allow-Origin: * – directly above your speed boost custom code (they don’t realise BPS handles the htaccess files). It didn’t help so I removed it.

    I searched here and found this, which I’ve added inside the ifModule mod_header.c block, at the bottom, in your speed boost custom code, modified to allow access only from the external site, rather than any site:

    <FilesMatch "\.(ttf|otf|eot|woff|woff2)$">
    Header set Access-Control-Allow-Origin ""

    Also not working. It’s strange because the site is an exact clone of the staging site, which doesn’t have this in the htaccess but displays the forms fine. Any ideas?


    No worries, scratch that. It turned out to be a configuration issue at the other end, now fixed. So to have troubled you.

Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.