Dev Kabir

Since we haven’t received a response from you, I’m proceeding to close this thread. Please know that you’re welcome to contribute to this thread at any time by adding your message.

Hello,

Thank you for reaching out regarding the CORS issue on your page. From the error you mentioned, it seems that the Access-Control-Allow-Origin header is not being sent in some cases, particularly on macOS Firefox and iOS Safari.

Here are a few steps to resolve this issue:

1. Server Configuration: If the plugin is set up correctly but the error persists, there might be a server-level configuration overriding the headers. Check your server’s .htaccess file or equivalent to confirm that there are no conflicting CORS rules.
2. Check for HTTPS Enforcement: Ensure that both the source and destination URLs use https://. Some browsers, especially Safari on iOS, enforce stricter rules for mixed-content handling.
3. Browser-Specific Issues: As noted, some browser variations can handle CORS differently. To address this:
   • Ensure your WordPress site and the external API both send the Vary: Origin header.
   • Use a wildcard * for Access-Control-Allow-Origin only if your use case does not involve credentials (e.g., cookies, HTTP authentication).
4. Debugging Tools: Use browser developer tools or plugins to inspect the HTTP headers. Look for:
   • Access-Control-Allow-Origin is present.
   • Any potential server-side cache interfering with the headers.
5. Plugin Debugging: Activate the plugin’s debugging mode if available. Alternatively, modify the code in enable-cors.php to log incoming requests and headers.
6. Testing Your Setup: Follow the steps in the readme.txt under the “Testing Your Setup” section to verify the functionality with a simple source-target setup.

If you’ve tried the above and still encounter the issue, let me know. I can guide you further or assist in debugging directly.

Best regards,
Kabir

Hello Vishwa,
You can manually add CORS headers using a code snippet in your theme’s functions.php file or in a custom plugin and check if the request URI contains /wp-content/uploads/ and, if so, adds the necessary CORS headers.

Based on what you’ve shared, it looks like the ERR_FAILED 429 (Too Many Requests) error is related to the connection between your frontend site (https://www.shirksllc.com) and backend site (https://shirksllc.net). This error typically means that the backend site is receiving too many requests in a short period of time and is temporarily blocking further requests as a precaution.

Does This Require Action from Someone Else?

Yes, this could be an issue with how the backend WordPress site is configured, but it’s not something you need to handle directly. Here’s what you can do:

1. Talk to Your Frontend Developer: The 429 error may be caused by too many requests being sent from the frontend site to the backend. Your frontend developer can review how often requests are being made to the backend and whether these requests can be optimized or spaced out to avoid triggering the limit.
2. Reach Out to Your Backend Host/Support: If needed, you can also check with the hosting provider or the team managing the backend site (https://shirksllc.net). They may have rate-limiting or security settings that could be adjusted to allow more requests.

Plugin and CORS:

While our plugin helps resolve CORS issues (related to allowing communication between the two sites), the 429 error is specifically related to too many requests being sent. It’s something that can be managed with adjustments to the request frequency or the server’s settings.

Feel free to forward this information to your developer or hosting provider.

It sounds like your CORS issue is intermittent, which can be particularly frustrating to debug. Let’s walk through some specific steps to help address the problem.

1. Ensure Headers Are Consistently Set:
   The code you added to your functions.php file is a good start, but it might not be hooked into the right action. The init hook may be too early in the WordPress lifecycle, which could lead to inconsistent header behavior. Try switching to the send_headers action, which is specifically designed to modify headers:

   function add_cors_http_header() {
       header("Access-Control-Allow-Origin: https://www.shirksllc.com");
       header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");
       header("Access-Control-Allow-Headers: Content-Type, Authorization");
   }
   add_action('send_headers', 'add_cors_http_header');

This will ensure that CORS headers are attached at the right point in the request lifecycle.

2. Double-Check for Caching:
   Caching is a common culprit when it comes to inconsistent behavior. If you have any caching plugins or server-side caching enabled, try clearing them. It’s possible that old responses (without the correct CORS headers) are being served from the cache.
3. Check for Conflicting Plugins:
   Some security or performance plugins can also affect header responses. Temporarily deactivate other plugins (e.g., caching, security) and see if the issue persists. If CORS behaves consistently after disabling certain plugins, you may need to adjust those plugins’ settings.

Additionally, please wait for the next sprint, as we will make sure our plugin is compatible with the JWT Auth – WordPress JSON Web Token Authentication plugin. Or you can hire a freelancer to resolve this issue.

Thank you for reaching out to us. I understand how frustrating CORS issues can be, especially after you’ve taken steps to configure the plugin correctly.

I wanted to let you know that we did test our plugin’s compatibility with the JWT Auth – WordPress JSON Web Token Authentication plugin, and unfortunately, it seems there are some compatibility issues. We’ve noted your issue and will prioritize making our plugin compatible in a future sprint.

In the meantime, here are some steps I would take if I were in your position:

1. Check Plugin Configuration:
   • Ensure that https://www.shirksllc.com and https://shirksllc.com/ is listed as an allowed origin and that the appropriate methods (GET, POST, etc.) are allowed.
2. Check Server Configuration:
   • If you’re using Nginx, make sure the server configuration includes the necessary Access-Control-Allow-Origin headers. For Nginx, you would need to update the server block configuration.
3. Verify WordPress Rest API Headers:
   • Ensure that the REST API endpoints, particularly https://shirksllc.net/wp-json/jwt-auth/v1/token/validate, are returning the correct CORS headers. This might involve adding custom headers through your theme’s functions.php or using a plugin to modify the response headers.
4. Cross-Domain Setup:
   • Since your frontend (https://www.shirksllc.com) and backend (https://shirksllc.net) are on different domains, consider setting up a proxy in your frontend application to route API requests through the same domain.
5. Caching Issues:
   • Sometimes, caching plugins or server-side caching can interfere with headers. Try clearing your cache to ensure that the correct headers are being sent.

If you prefer, you can uninstall our plugin and leave a one-star review—we completely understand your frustration and appreciate your feedback as it helps us improve.

Got it! We’ll fix it in the next sprint. Please update your profile picture so I can acknowledge your contribution in the plugin dashboard.

Hey @czeideavanzadoonb

Thank you for bringing this to our attention!

The value Origin is correct, as it specifies that the response varies based on the Origin header in the request. For more details, please review this paragraph: MDN Documentation on Vary Header.

Thank you for helping us improve the plugin!

Best regards,

Dev

Your code has a syntax error and the flow needs improvement. Adding some hooks and filters will help make it work. It might be best to hire an expert developer to resolve this issue.

Since we haven’t received a response from you, I’m proceeding to close this thread. Please know that you’re welcome to contribute to this thread at any time by adding your message.

Please try setting it up like this. https://snipboard.io/iHK0SQ.jpg

If it doesn’t work, hire a professional to solve the issue.

• This reply was modified 8 months, 1 week ago by Dev Kabir.

Hello Donal,

Thank you for reaching out.

Could you please try resetting the plugin to its default settings and then check if your site passes the CORs test? If it still doesn’t pass, it might indicate that this plugin is not suitable for your site configuration. In that case, you may consider uninstalling the plugin.

Please let us know how it goes.

Best regards,

Dev

If the plugin isn’t working on your site, please uninstall it, as it’s not designed for your site. Feel free to leave a one-star review if you find it appropriate.

If the plugin isn’t working on your site, please uninstall it, as it’s not designed for your site. Feel free to leave a one-star review if you find it appropriate.

If the plugin isn’t working on your site, please uninstall it, as it’s not designed for your site. Feel free to leave a one-star review if you find it appropriate.