cancel
Showing results for 
Search instead for 
Did you mean: 

CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Re: CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Hello,

I have to subdomains like http://static.domain.com/pub/static/
http://media.domain.com/pub/media/

and your source code work perfectly for http://static.domain.com/pub/static/ but for http://media.domain.com/pub/media/ in browser not showing css content icons and Access-Control-Allow-Origin "*" not showing in browser like that subdomain.

Please help me solve it !

Thank you !

Re: CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

This is happening because of the CORS (Cross Origin Resource Sharing) error. This error occurs when you try to access a domain/resource from another domain. You cannot issue requests through the XMLHttpRequest to other domains or subdomains. For example, if you are doing something like writing HTML and Javascript in a code editor on your personal computer, and testing the output in your browser, you might probably get error messages about Cross Origin Requests .

 

JSONP ( JSON with Padding ) is a method commonly used to bypass the cross-domain policies in web browsers.

 

If this is for local development and you are using Chrome , you need to run Chrome with a couple of arguments to relax security like this:

 

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --allow-file-access-from-files --disable-web-security

If you need to enable CORS on the server in case of localhost, you need to have the following on request header.

 

Access-Control-Allow-Origin: http://localhost:9999

The other easy way out, would be to create a proxy on your local server, which gets the remote request and then just forwards it back to your javascript.

 

Re: CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

<IfModule mod_headers.c>
Header add Access-Control-Allow-Origin "https://*.domain.com" 
</IfModule>

It took me hours and hours to get this working.

 

A note to anyone else, if your CDN is loading from the /pub/static folder, you need to put this at the top of the htaccess file in the static folder, NOT in the top level htaccesss file which it says everywhere!!

Also wrap it in the mod header tags

 

Hope this helps someone, I got so stressed out with it!

Re: CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.


@sin4 wrote:

Hi,

I have a question.

I installed Magento 2, and created multi EsoftCage website with another domain by following documents.

http://devdocs.magento.com/guides/v2.0/config-guide/multi-site/ms_over.html

 

I can see main website(A.com) normally, but another domain site(B.com) has some errors in console page.

---

Access to Font at 'https://A.com/pub/static/~' from origin 'https://B.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://B.com' is therefore not allowed access.

---

How can I fix it?

Please help me out.

Thank you.

 

 


I think you submit wrong url in search console. Try to submit Website URL in all variants.