cancel
Showing results for 
Search instead for 
Did you mean: 

CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Highlighted

CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Hi,

I have a question.

I installed Magento 2, and created multi website with another domain by following documents.

http://devdocs.magento.com/guides/v2.0/config-guide/multi-site/ms_over.html

 

I can see main website(A.com) normally, but another domain site(B.com) has some errors in console page.

---

Access to Font at 'https://A.com/pub/static/~' from origin 'https://B.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://B.com' is therefore not allowed access.

---

How can I fix it?

Please help me out.

Thank you.

 

 

11 REPLIES 11
Highlighted

Re: CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Hello sin4,

 

I believe you can resolve this by adding the following rule to your httaccess:-

Header add Access-Control-Allow-Origin "b.com"

This will allow the resources to load on the second domain. If you would prefer to allow the resources to load on all domains you can use:-

Header add Access-Control-Allow-Origin "*" 
Leslie B.
Aspiration Hosting - Magento 1 & 2 Optimized Cloud Hosting
Problem solved? Click Accept as Solution!
Highlighted

Re: CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

This may be a stupid question, but which .htaccess file should that go in? and can you have the 'https://' portion of the website there as well?

Highlighted

Re: CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

In main store .htaccess file add at the top.

 

Header add Access-Control-Allow-Origin "*" 

 

Highlighted

Re: CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Hi MarkandeySingh7,

 

I tried your suggestion, but the problem is still not solved.

 

Please see here http://prntscr.com/mvc2kn

 

Magento 2.3.0

Highlighted

Re: CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Hello Dear,

 

Have you solved this issue ,I am getting the same issue in my store.

 

Can you please suggest the solution for this ?

 

Thanks

Mustak

Highlighted

Re: CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Gghij
Highlighted

Re: CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I have the same issue, but I don't have any ideas anymore..

 

$objectManager = \Magento\Framework\App\ObjectManager::getInstance();
		$redirect = $objectManager->get('\Magento\Framework\App\Response\Http');
		$redirect->setRedirect($url)->sendResponse();
		

In my controller i redirect like this

return $this->getResponse()->setRedirect($url)->sendResponse();

Like this

$this->_redirect($url);

And have the some error...Can somebody help me...please

 

Highlighted

Re: CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Please let me know, i have same issue in Magento2
 Access to XMLHttpRequest at 'https://mydomian1.com/static/version1556806431/frontend/Smartwave/porto_ws/en_AU/Magento_Ui/template...' from origin 'https://mydomian2.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Highlighted

Re: CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Thanks for the Hint. Here is the code to be added in .htaccess on the top.

 

Header add Access-Control-Allow-Origin "#fully_qualified_domain_name#"
Header always set Access-Control-Allow-Headers "Access-Control-Allow-Headers, Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization"

 

Note : Replace with Fully qualified domain name with trailing slash at the end. Use https if you are using it. Upload this in the main store .htaccess file located at root.

 

Hope this helps!