[solved] CORS Issue

Discussion in 'General' started by Bobby, Jun 5, 2018.

  1. Bobby

    Bobby Member

    Hello!
    I'm frustrated. I've got a CORS issue, and can't seem to resolve it.
    The link is: stripped
    It's throwing CORS error because it's trying to load a font at stripped I've got a rule in the .htaccess, but it doesn't seem to help. Can you tell me what I should add and where? Pulling my hair out on this one.
    Thanks!
     
    Last edited: Jun 7, 2018
  2. Tishu

    Tishu Well-Known Member

    Hello,

    I just check that page and i can see that the font ( https://soldiersbestfriend.org/wp-content/themes/Divi/core/admin/fonts/modules.ttf ) its loading fine with no problem.
     
    Last edited by a moderator: Jun 5, 2018
  3. Bobby

    Bobby Member

    I'm still getting CORS warnings, and the font isn't loading on the 4petsforvets subdomain.
     
  4. NiteWave

    NiteWave Administrator

    for rules in
    https://www.litespeedtech.com/suppo...n-lsws-but-works-in-apache.16382/#post-102554
    Code:
    RewriteCond %{HTTP:Origin} ^http(s)?://(.+\.)?(domain1.com|domain2.com)$
    RewriteRule \.(otf|ttf|eot|woff)$ - [E=THE_ORIGIN:%0]
    Header set Access-Control-Allow-Origin %{THE_ORIGIN}e env=THE_ORIGIN
    
    replace with actual domain
    Code:
    RewriteCond %{HTTP:Origin} ^http(s)?://(.+\.)?(soldiersbestfriend.org)$
    RewriteRule \.(otf|ttf|eot|woff)$ - [E=THE_ORIGIN:%0]
    Header set Access-Control-Allow-Origin %{THE_ORIGIN}e env=THE_ORIGIN
    
     
  5. Bobby

    Bobby Member

    I tried that at one point too. I see the header:
    Code:
    Access-Control-Allow-Origin => *
    at http://www.webconfs.com/http-header-check.php, but Chrome doesn't seem to honor this at all.
    I'm not sure what to do to make Chrome listen.
     
    Last edited by a moderator: Jun 6, 2018
  6. NiteWave

    NiteWave Administrator

    but
    Code:
    ~>curl -I https://soldiersbestfriend.org/wp-content/themes/Divi/core/admin/fonts/modules.ttf
    HTTP/1.1 200 OK
    Date: Tue, 05 Jun 2018 14:13:14 GMT
    Content-Type: font/ttf
    Content-Length: 92400
    Connection: keep-alive
    Set-Cookie: __cfduid=d2a5bd3821563221e212edf26a24c2ba51528207994; expires=Wed, 05-Jun-19 14:13:14 GMT; path=/; domain=.soldiersbestfriend.org; HttpOnly
    Cache-Control: public, max-age=2592000
    Expires: Thu, 05 Jul 2018 14:13:14 GMT
    Last-Modified: Tue, 29 May 2018 23:05:44 GMT
    Alt-Svc: quic=":443"; ma=2592000; v="35,37,38,39"
    X-Turbo-Charged-By: LiteSpeed
    CF-Cache-Status: HIT
    Accept-Ranges: bytes
    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    Server: cloudflare
    CF-RAY: 42633d1e795d57dd-DFW
    
    no "Access-Control-Allow-Origin:*" in it.
     
  7. Bobby

    Bobby Member

    That must be the problem then. How do I get the header there? I have an htaccess file in the wp-content/themes/Divi/core/admin/fonts/ folder.
     
  8. NiteWave

    NiteWave Administrator

    what's the content of wp-content/themes/Divi/core/admin/fonts/.htaccess ?
     
  9. Bobby

    Bobby Member

    The same thing as the .htaccess in public_html. I copied the whole htaccess file and moved it to the wp-content/themes/Divi/core/admin/fonts/
     
  10. NiteWave

    NiteWave Administrator

    how about try the simple one first:
    Header set Access-Control-Allow-Origin "*"
     
  11. Bobby

    Bobby Member

    I've got that in place, but one thing I'm going to do real quick is purge CloudFlare cache. Make sure it's not the issue here.
     
  12. Pong

    Pong Well-Known Member Staff Member

    still any issue?
     
  13. Bobby

    Bobby Member

    Yeah, I purged CloudFlare and it's still not putting the header in.
     
  14. NiteWave

    NiteWave Administrator

    looks like the issue already resolved:
    Code:
    ~>curl -I https://soldiersbestfriend.org/wp-content/themes/Divi/core/admin/fonts/modules.ttf
    HTTP/1.1 200 OK
    Date: Wed, 06 Jun 2018 03:50:40 GMT
    Content-Type: font/ttf
    Content-Length: 92400
    Connection: keep-alive
    Set-Cookie: __cfduid=df39f0e6e44c8cf5a3e1cb4796ca82c691528257040; expires=Thu, 06-Jun-19 03:50:40 GMT; path=/; domain=.soldiersbestfriend.org; HttpOnly
    Cache-Control: public, max-age=2592000
    Expires: Fri, 06 Jul 2018 03:50:40 GMT
    Last-Modified: Mon, 04 Jun 2018 13:32:31 GMT
    Access-Control-Allow-Origin: *
    Alt-Svc: quic=":443"; ma=2592000; v="35,37,38,39"
    X-Turbo-Charged-By: LiteSpeed
    CF-Cache-Status: HIT
    Accept-Ranges: bytes
    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    Server: cloudflare
    CF-RAY: 4267ea881edd5801-DFW
    
    now header "Access-Control-Allow-Origin: *" is there.
     
  15. Bobby

    Bobby Member

    It is, thank you!
    I think it was part the rule itself, and the other part was CloudFlare.
     
    NiteWave likes this.

Share This Page