In the console, I am receiving an error message stating that the resource has been blocked by the CORS policy and that no ‘Access-Control-Allow-Origin’ header is present.

This problem is preventing me from creating stories as I am unable to see the images. I require assistance in resolving this issue.

I am trying to get something called the Universal Viewer (https://universalviewer.io/) to read an IIIF manifest from our repository (https://digital.library.jhu.edu/node/15919/manifest) and display the items in the manifest on screen, embedded in a WordPress page.

Here is my code, just plopped down on a regular ol WordPress page:

<iframe src="https://1p175.csb.app/uv.html#?manifest=https://digital.library.jhu.edu/node/15919/manifest" allowfullscreen="" width="560" height="420" frameborder="0"></iframe>

But that’s not my problem! My problem is that I keep getting the CORS Missing Allow Origin error when it’s making the call out to grab the manifest from the remote server.

I’ve tried the .htaccess method for setting the Access-Control-Allow-Origin header directive, but no joy.

And here is what I’ve just now put in my local functions.php file, yet still no joy:

function add_cors_http_header(){
    header("Access-Control-Allow-Origin: *");
}
add_action('init','add_cors_http_header');

I go to take a peek at my headers and never see the Access-Control-Allow-Origin directive at all.

How can I force this header directive to show up in WordPress?

MUCH appreciated!

Mark

When I export the site from dev, then import it to stage, several resources on the homepage display incorrectly and there are a handful of console errors (see below).

Access to font at 'https://192.168.98.2/blackandbrass/wp-content/themes/Divi/core/admin/fonts/modules/all/modules.ttf' from origin 'https://localhost' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

GET https://192.168.98.2/blackandbrass/wp-content/themes/Divi/core/admin/fonts/modules/all/modules.ttf net::ERR_FAILED

Access to font at 'https://192.168.98.2/blackandbrass/wp-content/themes/Divi/core/admin/fonts/modules/all/modules.woff' from origin 'https://localhost' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

GET https://192.168.98.2/blackandbrass/wp-content/themes/Divi/core/admin/fonts/modules/all/modules.woff net::ERR_FAILED

192.168.98.2 is the dev server and localhost is the stage. I’ve used this method for several other projects before and I have never had this issue. Does anyone have any insight on this issue? Please let me know, thank you.`

Access to CSS stylesheet at ‘https://use.fontawesome.com/releases/v5.15.3/css/all.css’ from origin ‘https://grskate.wordifysites.com’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Access to CSS stylesheet at ‘https://use.fontawesome.com/releases/v5.15.3/css/v4-shims.css’ from origin ‘https://grskate.wordifysites.com’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

However, if I explicitly embed an icon with html, it loads just fine.

We have the following section at the very top of our wordpress-vhosts.conf file:

# Set CORS - Added by Alex M on 15 July 2021
  <FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|webmanifest|font.css)$">
    <IfModule mod_headers.c>
      Header set Access-Control-Allow-Origin "*"
    </IfModule>
  </FilesMatch>
  # End Set CORS

But it seems that .woff2 files continues to be blocked:

Access to font at ‘https://questcoffee.com.au/wp-content/themes/azuma/fontawesome/webfonts/fa-solid-900.woff2’ from origin ‘https://www.questcoffee.com.au’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

In our CloudFront distribution, we have both questcoffee.com.au and www.questcoffee.com.au setup as Origin domains.

Help would be appreciated!

Please, someone who can help me with this error, the video is black and only heard but not seen.

This is the error that appears in the console: Access to XMLHttpRequest at ‘https://googleads.g.doubleclick.net/pagead/id’ from origin ‘https://www.youtube-nocookie.com’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Regards and many Thanks!

I added below code to .htaccess, but still facing same issue.

AddType application/vnd.ms-fontobject .eot
AddType application/x-font-ttf        .ttf
AddType application/x-font-opentype   .otf
AddType application/font-woff         .woff

<FilesMatch ".(eot|ttf|otf|woff)">
  Header set Access-Control-Allow-Origin "*"
</FilesMatch>

Due to this my website is not rendering properly. Please take a look & let me know how can I solve this issue.

I have setup AWS CDN and followed https://aws.amazon.com/premiumsupport/knowledge-center/no-access-control-allow-origin-error/ to setup CORS for origin requests.

But I am not sure how to do this part of the instructions “Note: Be sure to also forward the header as part of your client request to CloudFront, which CloudFront forwards to the origin.”

The web page is returning the following errors:

timor-leste-co-op-organic-medium-dark-roast:1 Access to font at 'https://d2og65f1kwx1z6.cloudfront.net/wp-content/themes/azuma/fontawesome/webfonts/fa-solid-900.woff2' from origin 'https://www.questcoffee.com.au' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

11:03:40.990 all.min.css:1 GET https://d2og65f1kwx1z6.cloudfront.net/wp-content/themes/azuma/fontawesome/webfonts/fa-solid-900.woff2 net::ERR_FAILED

11:03:41.248 timor-leste-co-op-organic-medium-dark-roast:1 Access to manifest at 'https://d2og65f1kwx1z6.cloudfront.net/wp-content/uploads/fbrfg/site.webmanifest' from origin 'https://www.questcoffee.com.au' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

11:03:41.248 d2og65f1kwx1z6.cloudfront.net/wp-content/uploads/fbrfg/site.webmanifest:1 GET https://d2og65f1kwx1z6.cloudfront.net/wp-content/uploads/fbrfg/site.webmanifest net::ERR_FAILED

Access-Control-Allow-Origin is set to *
Any ideas?
I also get the warnings for cookies from wp not sure if related

A cookie associated with a cross-site resource at https://wp.com/ was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure.

Great plugin by the way!