This is happening because of the CORS (Cross Origin Resource Sharing) error. This error occurs when you try to access a domain/resource from another domain. You cannot issue requests through the XMLHttpRequest to other domains or subdomains. For example, if you are doing something like writing HTML and Javascript in a code editor on your personal computer, and testing the output in your browser, you might probably get error messages about Cross Origin Requests .

JSONP ( JSON with Padding ) is a method commonly used to bypass the cross-domain policies in web browsers.

If this is for local development and you are using Chrome , you need to run Chrome with a couple of arguments to relax security like this:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --allow-file-access-from-files --disable-web-security

If you need to enable CORS on the server in case of localhost, you need to have the following on request header.

Access-Control-Allow-Origin: http://localhost:9999

The other easy way out, would be to create a proxy on your local server, which gets the remote request and then just forwards it back to your javascript.

<IfModule mod_headers.c>
Header add Access-Control-Allow-Origin "https://*.domain.com" 
</IfModule>

It took me hours and hours to get this working.

A note to anyone else, if your CDN is loading from the /pub/static folder, you need to put this at the top of the htaccess file in the static folder, NOT in the top level htaccesss file which it says everywhere!!

Also wrap it in the mod header tags

Hope this helps someone, I got so stressed out with it!

---

@sin4 wrote:

Hi,

I have a question.

I installed Magento 2, and created multi EsoftCage website with another domain by following documents.

http://devdocs.magento.com/guides/v2.0/config-guide/multi-site/ms_over.html

 

I can see main website(A.com) normally, but another domain site(B.com) has some errors in console page.

---

Access to Font at 'https://A.com/pub/static/～' from origin 'https://B.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://B.com' is therefore not allowed access.

---

How can I fix it?

Please help me out.

Thank you.

 

 

---

I think you submit wrong url in search console. Try to submit Website URL in all variants.  

^^ amitsankhala's post should be the accepted answer in this thread.

You really need to add Access-Control-Allow-Headers into the headers as well as allow-origin, or the CORS policy will start to fail you with messages like the following:

Access to XMLHttpRequest at 'https://static.b2b.staging245.uniform.com.au/version1667343537/frontend/Ose/Responsive/en_AU/js-translation.json' from origin 'https://b2b.staging245.uniform.com.au' has been blocked by CORS policy: Request header field x-requested-with is not allowed by Access-Control-Allow-Headers in preflight response.