CORS Access-Control-Allow-Origin never showing up

  • Resolved mcyzyk

    (@mcyzyk)


    1 year, 10 months ago

    WordPress 6.1.1, multisite, locally-hosted

    I am trying to get something called the Universal Viewer (https://universalviewer.io/) to read an IIIF manifest from our repository (https://digital.library.jhu.edu/node/15919/manifest) and display the items in the manifest on screen, embedded in a WordPress page.

    Here is my code, just plopped down on a regular ol WordPress page:

    <iframe src="https://1p175.csb.app/uv.html#?manifest=https://digital.library.jhu.edu/node/15919/manifest" allowfullscreen="" width="560" height="420" frameborder="0"></iframe>

    But that’s not my problem! My problem is that I keep getting the CORS Missing Allow Origin error when it’s making the call out to grab the manifest from the remote server.

    I’ve tried the .htaccess method for setting the Access-Control-Allow-Origin header directive, but no joy.

    And here is what I’ve just now put in my local functions.php file, yet still no joy:

    function add_cors_http_header(){
    header("Access-Control-Allow-Origin: *");
}
add_action('init','add_cors_http_header');

    I go to take a peek at my headers and never see the Access-Control-Allow-Origin directive at all.

    How can I force this header directive to show up in WordPress?

    MUCH appreciated!

    Mark

    • This topic was modified 1 year, 10 months ago by mcyzyk.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator bcworkz

    (@bcworkz)

    The issue is not with your WP site, it’s with the jhu.edu site. It’s the one that needs to respond with an appropriate CORS header. You’d need to get JHU to include CORS headers from their server.

    Probably easier said than done. Instead of an iframe, perhaps you could create a custom WP template that gets the manifest with your server as the origin instead of your browser. The template code can then include the manifest in what it sends out to your browser. Untested, but I think it’ll work since there is no browser involved in the exchange, hence no CORS requirement.

    You can use the WP_Http class to make server to server requests. The manifest appears to be in JSON format. If you wanted to, your template code could decode the JSON and present it in a more human readable format.

    Thread Starter mcyzyk

    (@mcyzyk)

    Thanks! That was the issue.

    Much appreciated,

    Mark

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘CORS Access-Control-Allow-Origin never showing up’ is closed to new replies.