The error message you’re encountering indicates that the request from your website to Facebook’s servers is being blocked due to CORS (Cross-Origin Resource Sharing) policy restrictions.

How to solve that problem?

Access to XMLHttpRequest at ‘https://www.facebook.com/plugins/customer_chat/SDK/?app_id=&attribution=fbe_woocommerce&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df770970af46795e16%26domain%3Drawood.pl%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Frawood.pl%252Ffe7a0fe6934a073f7%26relation%3Dparent.parent&container_width=412&current_url=https%3A%2F%2Frawood.pl%2Fproduct%2Fdrewniany-kredens-z-litego-drewna-do-salonu-jadalni-marino%2F&event_name=chat_plugin_sdk_dialog_iframe_create&is_loaded_by_facade=true&loading_time=0&local_state=%7B%22v%22%3A2%2C%22path%22%3A2%2C%22chatState%22%3A1%2C%22visibility%22%3A%22hidden%22%2C%22showUpgradePrompt%22%3A%22not_shown%22%2C%22greetingVisibility%22%3A%22hidden%22%7D&locale=en_US&log_id=1b290e72-beec-4247-83ea-0cced1bc9235&page_id=1948314655427025&request_time=1712399348547&sdk=joey&suppress_http_code=1’ from origin ‘https://rawood.pl’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Access to fetch at ‘https://pci-connect.squareup.com/payments/hydrate?applicationId=sq0idp-wGVapF8sNt9PLrdj5znuKA&hostname=www.calmbywellness.com&locationId=BV1DZJAY3D34X&version=1.51.3’ from origin ‘https://web.squarecdn.com’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.

Failed to load resource: net::ERR_FAILED
pci-connect.squareup.com/payments/mtx/v2:1 Failed to load resource: the server responded with a status of 503 ()
pci-connect.squareup.com/payments/mtx/v2:1 Failed to load resource: the server responded with a status of 503 ()
main-iframe.html:1 Access to fetch at ‘https://pci-connect.squareup.com/payments/hydrate?applicationId=sq0idp-wGVapF8sNt9PLrdj5znuKA&hostname=www.calmbywellness.com&locationId=BV1DZJAY3D34X&version=1.51.3’ from origin ‘https://web.squarecdn.com’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.
pci-connect.squareup.com/payments/hydrate?applicationId=sq0idp-wGVapF8sNt9PLrdj5znuKA&hostname=www.calmbywellness.com&locationId=BV1DZJAY3D34X&version=1.51.3:1 Failed to load resource: net::ERR_FAILED

I created a subdomain of my website and I used duplicator to replicate the same website in this subdomain, however, I’m getting some errors in some fonts because he is trying to get info from the original website.

In browser console log shows me some errors like:
Access to font at ‘…’ from origin ‘…’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Can you help me to know what I need to change to clean this errors?
Thank you.

We have https://urallasolutions.com running on SiteGround Web Hosting.

We were running BunnyCDN, and Custom Fonts were working fine until we found several compatibility issues with BunnyCDN and our Thrive Themes.
So we switched over to CloudFlare to give it a try, and our Custom Fonts stopped working.

We approached SiteGround and they said, “You currently do not have the CORS policy enabled which is required in order for 3rd party fonts to work”. We are surprised it worked at all. Basically, to enable it you must add this code on top of your .htaccess

So we added the appropriate code they gave us to the file, and it started working.

However, we now have a delay before the Custom Fonts code kicks in. It appears to be the last thing to load on the pages and posts, so it may take anywhere from 1/2 to 1 second to load.

Hope you can assist.

Don of 32V8.com

I added below code to .htaccess, but still facing same issue.

AddType application/vnd.ms-fontobject .eot
AddType application/x-font-ttf        .ttf
AddType application/x-font-opentype   .otf
AddType application/font-woff         .woff

<FilesMatch ".(eot|ttf|otf|woff)">
  Header set Access-Control-Allow-Origin "*"
</FilesMatch>

Due to this my website is not rendering properly. Please take a look & let me know how can I solve this issue.

Ok, so I do not see any errors in site’s error log on the server.
The access-control headers are present on the request, indeed.

I’ve invalidated objects on CloudFront, but the errors are still here:

Access to font at 'https://d3lfyxk1prmpw9.cloudfront.net/wp-content/themes/Divi/core/admin/fonts/modules.ttf' from origin 'https://ondemand.dev400.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
modules.ttf:1 Failed to load resource: net::ERR_FAILED

I even can open and download https://d3lfyxk1prmpw9.cloudfront.net/wp-content/themes/Divi/core/admin/fonts/modules.ttf directly!

Can it be something in the CloudFront set-up? Behavior setting has ‘Origin’ header white-listed tho.

Any help is appreciated, thanks.

I have my front-end WordPress site that has a menu item called Partner Login.
When the user clicks on the menu item it invokes a function called LoginMember() that is trying to pull up a login form which is tied to my back-end admin server (MVC application) on a different environment. The front-end has a URL of wwww.myserver.com and the backend has a URL of admin.myserver.com. Both environments are in Azure and the CORS policy is set properly. In the browser I continue to get the error message below and am running out of ideas on how to get passed this issue. I have read a number of different postings but still have not been successful getting through this issue.

Access to XMLHttpRequest at ‘https://admin.myserver.com/AccountManagement/PopUpAuth?undefined’ from origin ‘https://www.myserver.com’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Any ideas/suggestions you have is greatly appreciated.

Thank you!