[solved] CORS Issue

[Bobby]

Hello!
I'm frustrated. I've got a CORS issue, and can't seem to resolve it.
The link is: stripped
It's throwing CORS error because it's trying to load a font at stripped I've got a rule in the .htaccess, but it doesn't seem to help. Can you tell me what I should add and where? Pulling my hair out on this one.
Thanks!

 

[Tishu]

Hello,

I just check that page and i can see that the font ( https://soldiersbestfriend.org/wp-content/themes/Divi/core/admin/fonts/modules.ttf ) its loading fine with no problem.

 

[Bobby]

I'm still getting CORS warnings, and the font isn't loading on the 4petsforvets subdomain.

 

[NiteWave]

for rules in
https://www.litespeedtech.com/suppo...n-lsws-but-works-in-apache.16382/#post-102554

RewriteCond %{HTTP:Origin} ^http(s)?://(.+\.)?(domain1.com|domain2.com)$
RewriteRule \.(otf|ttf|eot|woff)$ - [E=THE_ORIGIN:%0]
Header set Access-Control-Allow-Origin %{THE_ORIGIN}e env=THE_ORIGIN

replace with actual domain

RewriteCond %{HTTP:Origin} ^http(s)?://(.+\.)?(soldiersbestfriend.org)$
RewriteRule \.(otf|ttf|eot|woff)$ - [E=THE_ORIGIN:%0]
Header set Access-Control-Allow-Origin %{THE_ORIGIN}e env=THE_ORIGIN

 

[Bobby]

I tried that at one point too. I see the header:

Access-Control-Allow-Origin => *

at http://www.webconfs.com/http-header-check.php, but Chrome doesn't seem to honor this at all.
I'm not sure what to do to make Chrome listen.

 

[NiteWave]

but

~>curl -I https://soldiersbestfriend.org/wp-content/themes/Divi/core/admin/fonts/modules.ttf
HTTP/1.1 200 OK
Date: Tue, 05 Jun 2018 14:13:14 GMT
Content-Type: font/ttf
Content-Length: 92400
Connection: keep-alive
Set-Cookie: __cfduid=d2a5bd3821563221e212edf26a24c2ba51528207994; expires=Wed, 05-Jun-19 14:13:14 GMT; path=/; domain=.soldiersbestfriend.org; HttpOnly
Cache-Control: public, max-age=2592000
Expires: Thu, 05 Jul 2018 14:13:14 GMT
Last-Modified: Tue, 29 May 2018 23:05:44 GMT
Alt-Svc: quic=":443"; ma=2592000; v="35,37,38,39"
X-Turbo-Charged-By: LiteSpeed
CF-Cache-Status: HIT
Accept-Ranges: bytes
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 42633d1e795d57dd-DFW

no "Access-Control-Allow-Origin:*" in it.

 

[Bobby]

That must be the problem then. How do I get the header there? I have an htaccess file in the wp-content/themes/Divi/core/admin/fonts/ folder.

 

[NiteWave]

what's the content of wp-content/themes/Divi/core/admin/fonts/.htaccess ?

 

[Bobby]

The same thing as the .htaccess in public_html. I copied the whole htaccess file and moved it to the wp-content/themes/Divi/core/admin/fonts/

 

[NiteWave]

how about try the simple one first:
Header set Access-Control-Allow-Origin "*"

 

[Bobby]

I've got that in place, but one thing I'm going to do real quick is purge CloudFlare cache. Make sure it's not the issue here.

 

[Pong]

still any issue?

 

[Bobby]

Yeah, I purged CloudFlare and it's still not putting the header in.

 

[NiteWave]

looks like the issue already resolved:

~>curl -I https://soldiersbestfriend.org/wp-content/themes/Divi/core/admin/fonts/modules.ttf
HTTP/1.1 200 OK
Date: Wed, 06 Jun 2018 03:50:40 GMT
Content-Type: font/ttf
Content-Length: 92400
Connection: keep-alive
Set-Cookie: __cfduid=df39f0e6e44c8cf5a3e1cb4796ca82c691528257040; expires=Thu, 06-Jun-19 03:50:40 GMT; path=/; domain=.soldiersbestfriend.org; HttpOnly
Cache-Control: public, max-age=2592000
Expires: Fri, 06 Jul 2018 03:50:40 GMT
Last-Modified: Mon, 04 Jun 2018 13:32:31 GMT
Access-Control-Allow-Origin: *
Alt-Svc: quic=":443"; ma=2592000; v="35,37,38,39"
X-Turbo-Charged-By: LiteSpeed
CF-Cache-Status: HIT
Accept-Ranges: bytes
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 4267ea881edd5801-DFW

now header "Access-Control-Allow-Origin: *" is there.

 

[Bobby]

It is, thank you!
I think it was part the rule itself, and the other part was CloudFlare.

 

[soliman18eg]

Hi I have the same issue
Access to font at 'https://cdn.zamzamplace.com/wp-content/themes/buddyboss-theme/assets/fonts/SFUIText-Regular.woff' from origin 'https://zamzamplace.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.



all because I created cloudfront distribution using WP off load plugin

https://deliciousbrains.com/wp-offload-media/#addons

I tried it this code over there correctly as follow in Htaccess file first thing on the top.

RewriteCond %{HTTP:Origin} ^http(s)?://(.+\.)?(domain1.com|domain2.com)$
RewriteRule \.(otf|ttf|eot|woff)$ - [E=THE_ORIGIN:%0]
Header set Access-Control-Allow-Origin %{THE_ORIGIN}e env=THE_ORIGIN

and finally I tried this as well https://openlitespeed.org/kb/setting-up-cors-on-openlitespeed/
however nothing working for me. I am working on this for few days already. here is what I am using
1- aws EC2 server
2- open lite speed server
3- subdirectory multisite wordpress
4- buddyboss theme
I would appreciate the help

 

[Pong]

Please raise your question at OpenLiteSpeed forum at https://forum.openlitespeed.org/

 

[soliman18eg]

Please raise your question at OpenLiteSpeed forum at https://forum.openlitespeed.org/

somhow I made it workout, there are many variables I am not sure exactly what i did coorect. but for sure I will investagte and I wll post it in the community to help other.

now I am facing another issue I will will try to work around it tonight and if not I will post new thread