Hello,
I have to subdomains like http://static.domain.com/pub/static/
http://media.domain.com/pub/media/
and your source code work perfectly for http://static.domain.com/pub/static/ but for http://media.domain.com/pub/media/ in browser not showing css content icons and Access-Control-Allow-Origin "*" not showing in browser like that subdomain.
Please help me solve it !
Thank you !
This is happening because of the CORS (Cross Origin Resource Sharing) error. This error occurs when you try to access a domain/resource from another domain. You cannot issue requests through the XMLHttpRequest to other domains or subdomains. For example, if you are doing something like writing HTML and Javascript in a code editor on your personal computer, and testing the output in your browser, you might probably get error messages about Cross Origin Requests .
JSONP ( JSON with Padding ) is a method commonly used to bypass the cross-domain policies in web browsers.
If this is for local development and you are using Chrome , you need to run Chrome with a couple of arguments to relax security like this:
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --allow-file-access-from-files --disable-web-security
If you need to enable CORS on the server in case of localhost, you need to have the following on request header.
Access-Control-Allow-Origin: http://localhost:9999
The other easy way out, would be to create a proxy on your local server, which gets the remote request and then just forwards it back to your javascript.
<IfModule mod_headers.c> Header add Access-Control-Allow-Origin "https://*.domain.com" </IfModule>
It took me hours and hours to get this working.
A note to anyone else, if your CDN is loading from the /pub/static folder, you need to put this at the top of the htaccess file in the static folder, NOT in the top level htaccesss file which it says everywhere!!
Also wrap it in the mod header tags
Hope this helps someone, I got so stressed out with it!
^^ amitsankhala's post should be the accepted answer in this thread.
You really need to add Access-Control-Allow-Headers into the headers as well as allow-origin, or the CORS policy will start to fail you with messages like the following:
Access to XMLHttpRequest at 'https://static.b2b.staging245.uniform.com.au/version1667343537/frontend/Ose/Responsive/en_AU/js-translation.json' from origin 'https://b2b.staging245.uniform.com.au' has been blocked by CORS policy: Request header field x-requested-with is not allowed by Access-Control-Allow-Headers in preflight response.
Use this module to fix the issue.
https://commercemarketplace.adobe.com/aimsinfosoft-module-csp.html