Magento Forums
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

‎01-25-2017 04:07 PM
‎01-25-2017 04:07 PM

CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Hi,

I have a question.

I installed Magento 2, and created multi website with another domain by following documents.

http://devdocs.magento.com/guides/v2.0/config-guide/multi-site/ms_over.html

 

I can see main website(A.com) normally, but another domain site(B.com) has some errors in console page.

---

Access to Font at 'https://A.com/pub/static/~' from origin 'https://B.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://B.com' is therefore not allowed access.

---

How can I fix it?

Please help me out.

Thank you.

 

 

Reply
14 REPLIES 14
‎01-26-2017 07:15 AM
‎01-26-2017 07:15 AM

Re: CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Hello sin4,

 

I believe you can resolve this by adding the following rule to your httaccess:-

Header add Access-Control-Allow-Origin "b.com"

This will allow the resources to load on the second domain. If you would prefer to allow the resources to load on all domains you can use:-

Header add Access-Control-Allow-Origin "*"
Leslie B.
Aspiration Hosting - Magento 1 & 2 Optimized Cloud Hosting
Problem solved? Click Accept as Solution!
Reply
‎05-31-2017 03:35 PM
‎05-31-2017 03:35 PM

Re: CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

This may be a stupid question, but which .htaccess file should that go in? and can you have the 'https://' portion of the website there as well?

0 Kudos
Reply
‎11-01-2017 02:55 AM
‎11-01-2017 02:55 AM

Re: CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

In main store .htaccess file add at the top.

 

Header add Access-Control-Allow-Origin "*"

 

0 Kudos
Reply
‎03-08-2019 07:34 PM
‎03-08-2019 07:34 PM

Re: CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Hi MarkandeySingh7,

 

I tried your suggestion, but the problem is still not solved.

 

Please see here http://prntscr.com/mvc2kn

 

Magento 2.3.0

0 Kudos
Reply
‎03-11-2019 05:04 AM
‎03-11-2019 05:04 AM

Re: CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Hello Dear,

 

Have you solved this issue ,I am getting the same issue in my store.

 

Can you please suggest the solution for this ?

 

Thanks

Mustak

0 Kudos
Reply
‎03-11-2019 03:58 PM
‎03-11-2019 03:58 PM

Re: CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Gghij
0 Kudos
Reply
‎03-14-2019 03:46 AM
‎03-14-2019 03:46 AM

Re: CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I have the same issue, but I don't have any ideas anymore..

 

$objectManager = \Magento\Framework\App\ObjectManager::getInstance();
		$redirect = $objectManager->get('\Magento\Framework\App\Response\Http');
		$redirect->setRedirect($url)->sendResponse();

In my controller i redirect like this

return $this->getResponse()->setRedirect($url)->sendResponse();

Like this

$this->_redirect($url);

And have the some error...Can somebody help me...please

 

0 Kudos
Reply
‎05-02-2019 09:50 AM
‎05-02-2019 09:50 AM

Re: CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Please let me know, i have same issue in Magento2
 Access to XMLHttpRequest at 'https://mydomian1.com/static/version1556806431/frontend/Smartwave/porto_ws/en_AU/Magento_Ui/template...' from origin 'https://mydomian2.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

0 Kudos
Reply
‎11-12-2019 04:12 AM
‎11-12-2019 04:12 AM

Re: CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Thanks for the Hint. Here is the code to be added in .htaccess on the top.

 

Header add Access-Control-Allow-Origin "#fully_qualified_domain_name#"
Header always set Access-Control-Allow-Headers "Access-Control-Allow-Headers, Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization"

 

Note : Replace with Fully qualified domain name with trailing slash at the end. Use https if you are using it. Upload this in the main store .htaccess file located at root.

 

Hope this helps!

Reply