CORS issue w/ WPML, CF

Hello @ecronik

Thank you for reaching out and I am happy to assist you with this.
Can you please confirm (I presume it’s Cloudflare) which CDN you are using CloudFront or Cloudflare?
Are both the main domain and subdomain connected with different zones to Cloudflare?
This is not specifically related to the W3 Total Cache if Cloudflare is in question, so you should Configure the dashboard CORS settings in Cloudflare.
Please check this article for more details.
You can also try adding the rule to your .htaccess file:

<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
</IfModule

I hope this helps!

Thanks!

Hi Marko,

and thanks for your quick reply! I am using CloudFlare (Free Plan). I don’t fully understand your question about the zones, could you explain it a little further?

I have domain.com and de.domain.com set up at my hoster and pointed to the same folder on the same server (both having an individual SSL Cert though), but the Nameserver for it is pointing to CloudFlare. At CF I have two CNAME records (one domain.com and one de.domain.com) that point to the same server.

I did modify the .htaccess accordingly, and the problem on the front-end is now gone. But it still shows the issues on the back-end. Any idea how to tackle that?

When W3TC is disabled, I don’t have the issues there. Could it be that some other settings interfere? This is what W3TC puts automatically for mod_headers.c into the .htaccess:

<FilesMatch "\.(css|htc|less|js|js2|js3|js4|CSS|HTC|LESS|JS|JS2|JS3|JS4)$">
    FileETag MTime Size
    <IfModule mod_headers.c>
        Header set Pragma "public"
        Header append Cache-Control "public"
        Header unset Set-Cookie
        Header set X-Powered-By "W3 Total Cache/2.2.4"
    </IfModule>
</FilesMatch>
<FilesMatch "\.(html|htm|rtf|rtx|txt|xsd|xsl|xml|HTML|HTM|RTF|RTX|TXT|XSD|XSL|XML)$">
    FileETag MTime Size
    <IfModule mod_headers.c>
        Header set Pragma "public"
        Header append Cache-Control "public"
        Header set X-Powered-By "W3 Total Cache/2.2.4"
    </IfModule>
</FilesMatch>
<FilesMatch "\.(asf|asx|wax|wmv|wmx|avi|avif|avifs|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|webp|json|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|webm|mpp|otf|_otf|odb|odc|odf|odg|odp|ods|odt|ogg|ogv|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|ttf|ttc|_ttf|wav|wma|wri|woff|woff2|xla|xls|xlsx|xlt|xlw|zip|ASF|ASX|WAX|WMV|WMX|AVI|AVIF|AVIFS|BMP|CLASS|DIVX|DOC|DOCX|EOT|EXE|GIF|GZ|GZIP|ICO|JPG|JPEG|JPE|WEBP|JSON|MDB|MID|MIDI|MOV|QT|MP3|M4A|MP4|M4V|MPEG|MPG|MPE|WEBM|MPP|OTF|_OTF|ODB|ODC|ODF|ODG|ODP|ODS|ODT|OGG|OGV|PDF|PNG|POT|PPS|PPT|PPTX|RA|RAM|SVG|SVGZ|SWF|TAR|TIF|TIFF|TTF|TTC|_TTF|WAV|WMA|WRI|WOFF|WOFF2|XLA|XLS|XLSX|XLT|XLW|ZIP)$">
    FileETag MTime Size
    <IfModule mod_headers.c>
        Header set Pragma "public"
        Header append Cache-Control "public"
        Header unset Set-Cookie
        Header set X-Powered-By "W3 Total Cache/2.2.4"
    </IfModule>
</FilesMatch>
<IfModule mod_headers.c>
    Header set Referrer-Policy "no-referrer-when-downgrade"
</IfModule>

Also, is using Header set Access-Control-Allow-Origin "*" in terms of security an issue?

Thanks again,
eC

• This reply was modified 2 years, 6 months ago by ecronik.
• This reply was modified 2 years, 6 months ago by ecronik.
• This reply was modified 2 years, 6 months ago by ecronik.
• This reply was modified 2 years, 6 months ago by ecronik.
• This reply was modified 2 years, 6 months ago by ecronik.
• This reply was modified 2 years, 6 months ago by ecronik.

Hello @ecronik

Thank you for your feedback.
You can use Header set Access-Control-Allow-Origin "*" – no problem regarding the security.
Thank you for the confirmation that adding the rule worked.
In any case, can you please disable the settings one by one in Performance>general settings, save the settings and purge the cache after each setting is disabled, and see which one might be causing this?

Thanks!

Hi Marko,

I’ve disabled Page Cache on General Settings and everything is now working as expected again.

Here are my Page Cache settings (I’m usung Disk Enhanced): https://pasteboard.co/aH1V0MFT0sQu.jpg

Do you see anything that could be causing this? Was using this setup for quite a while and just recently it started acting up (weird login redirect loops, and issues staying logged in / switching between languages etc.).

Thanks,
eC

• This reply was modified 2 years, 6 months ago by ecronik.
• This reply was modified 2 years, 6 months ago by ecronik.
• This reply was modified 2 years, 6 months ago by ecronik.

Hello @ecronik

Thank you for your feedback.
This is very interesting. Is the WPML extension enabled in Performance>Extensions?
What you can try also is to enable the Cache alias hostnames: option in Performance>Page Cache>Aliases, and add the URL of the subdomain there. Make sure to save all settings and purge the cache.
Also, you need to add the full URL for the sitemap (Or you just removed the URL for the screenshot.)
Thanks!

Hi Marko,

thanks for your answer! No, I’m not using the WPML extension: To be honest, I never really understood what it does and didn’t need it for the last couple of years, as everything was working OK. Maybe you can enlighten me about the advantages?

Adding the alias did seem to have fixed the CORS issue in the backend, and an issue I had with WPML is gone now. Wohoo, thanks!! Will keep an eye on this and give an update after test running it for a while.

Do I still need the entry in the .htaccess now?

As I have two sitemaps (one for de.domain.com and one for domain.com created via Yoast), will the Preload still work correctly, when I only point it to https://domain.com/sitemap_index.xml ? Or do I need to find a way to combine those two?

Thanks,
eC

• This reply was modified 2 years, 6 months ago by ecronik. Reason: First test with alias

Hello @ecronik

Thank you for your feedback and I am glad the problem is resolved.
WPML Extension helps with the localization. Mostly related to Minify, however, I see now that you are using CF minify.
You should keep the .htaccess entry. As for the sitemap, you can only use a single sitemap.
Nested or custom sitemaps also work.

Thanks!

Hi Marko,

thanks for your answer and I hope you had a great start into the week!

Yes, I’m using CF minify. I have three last questions:

1. Do you maybe have an idea how I can combine the Yoast generated Sitemaps (sitemap_index.xml for domain.com and another one for de.domain.com, pointing to their respective sub files like page-sitemap.xml etc.) to a merged file that dynamically keeps being recent (like includes new pages etc.) for W3TC to use?

2. Also, when I look into cache < page_enhanced it seems like I have two perfectly filled folders for domain.com and de.domain.com – so it seems like it’s working, even when using a relative path like “/sitemap_index.xml” without the domain etc. for Cache Preload.
Does this still cause problems on some other aspects under the hood?

3. When switching from WP-Cron to server-side Cron, and having domain.com and de.domain.com on the same server, in the same folder / WP-installation:
Is it enough to have the Cron fire with calling https://domain.com/wp-cron.php or do I need to set two jobs, another one for https://de.domain.com/wp-cron.php and have both run simultaneously?

Thanks again,
eC

Hello @ecronik

Thank you for your feedback.

1. Unfortunately, no. however, if everything works as expected and the cache is generated, you can disregard my previous thoughts on this.
2. As this is Yoast generated sitemap, it should work fine you are correct. So I guess that the Yoast extension is active in Performance>Extensions.
3. This depends on the server, so I cannot be specific about this. You can test and see which option works for you.

Thanks!