CDN Settings Page .htaccess Modification Problem

  • Resolved Martin Bailey

    (@martin_bailey)


    5 years, 8 months ago

    I’ve spent the last couple of days trying to get my StackPath CDN working with LiteSpeed Cache WordPress plugin via your CDN Settings page. I’ve finally found a combination of settings that work, but I need to stop your plugin from adding the following section to my .htaccess file every time I save the plugin settings.

    ### marker CORS start ###
    <FilesMatch “\.(ttf|ttc|otf|eot|woff|woff2|font\.css)$”>
    <IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin “*”
    </IfModule>
    </FilesMatch>
    ### marker CORS end ###

    Without this entry, things are working fine, but Chrome stops loading web fonts and displays multiple errors like the one below as soon as the above entry is added to .htaccess.

    Access to font at ‘https://cdn.martinbaileyphotography.com/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.woff?ver=3.6.1&#8217; from origin ‘https://martinbaileyphotography.com&#8217; has been blocked by CORS policy: The ‘Access-Control-Allow-Origin’ header contains multiple values ‘*, *’, but only one is allowed.

    Would it be possible to add a checkbox to the settings that can be turned off for anyone that does not want the .htaccess file to be updated when saving settings? Or are you aware of any other way that I could safely stop this from happening without having to update code every time an update to your plugin is released?

    Thanks in advance for any help or advice you can provide.

    The page I need help with: [log in to see the link]

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Support qtwrk

    (@qtwrk)

    Hi,

    Is that “marker CORS” block currently removed in your htaccess?

    Best regards,

    Thread Starter Martin Bailey

    (@martin_bailey)

    Yes it is removed, as it causes errors on my site. I just need to stop it from being readded when I save the CDN settings in your plugin.

    Plugin Support qtwrk

    (@qtwrk)

    Hi,

    If check any resources that is come from CDN , like this screenshot

    View post on imgur.com

    you will see Access-Control-Allow-Origin: * header

    this means , there is something else in somewhere that sends this header which duplicated with LSCWP one, you should remove it and only use the only generated by LSCWP.

    Best regards,

    Thread Starter Martin Bailey

    (@martin_bailey)

    Ideally, I agree, but none of the other plugins are adding this to .htaccess, neither are they adding it only for fonts. If I remove it from the other settings, I lose that header for all other file types, and that is not acceptable.

    Thread Starter Martin Bailey

    (@martin_bailey)

    Also note that ideally I’d prefer to add my own website address instead of * as the wildcard is the worst option security-wise, but if I add my domain the error still occurs because with your added block I still have two entries and Chrome doesn’t allow that.

    Plugin Support qtwrk

    (@qtwrk)

    Hi,

    If you compare the origin font and CDN font, like this screenshot

    View post on imgur.com

    If that header is set in origin , it should show in origin URI as well , but in this case it doesn’t , which believes me this header is added by CDN setting , please check your StackPath console if there is any edge rule or something that adds this CORS header

    Yes , you have good point for the wildcard , will talk to devs to make it configurable or automatically applies with origin domain.

    but still , you need to first , to get rid of the header at CDN level.

    Best regards,

    Thread Starter Martin Bailey

    (@martin_bailey)

    I was adding the header by the CDN, as that was the only way I could get it to work before using LiteSpeed, but on your advice, I just removed it from the StackPath settings, and put it back into my .htaccess but using my domain, not “*”, which is how I would prefer it to be set up.

    I then also went back and saved the settings on your plugin’s CDN page, and although the block above is back, along-side my own header adding my domain, at this point, it seems to be working fine!

    I’ve flushed my caches etc. so it seems that this was the key, so thank you!

    I’ll keep my eye on this, but now I’m wishing I mentioned this three days ago when I started struggling with this issue. Thanks again!

    Plugin Support qtwrk

    (@qtwrk)

    Good to know it works now ??

    Don’t hesitate to contact us again if you have any furhter issues

    Best regards,

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘CDN Settings Page .htaccess Modification Problem’ is closed to new replies.