I have to subdomains like http://static.domain.com/pub/static/
and your source code work perfectly for http://static.domain.com/pub/static/ but for http://media.domain.com/pub/media/ in browser not showing css content icons and Access-Control-Allow-Origin "*" not showing in browser like that subdomain.
Please help me solve it !
Thank you !
JSONP ( JSON with Padding ) is a method commonly used to bypass the cross-domain policies in web browsers.
If this is for local development and you are using Chrome , you need to run Chrome with a couple of arguments to relax security like this:
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --allow-file-access-from-files --disable-web-security
If you need to enable CORS on the server in case of localhost, you need to have the following on request header.
<IfModule mod_headers.c> Header add Access-Control-Allow-Origin "https://*.domain.com" </IfModule>
It took me hours and hours to get this working.
A note to anyone else, if your CDN is loading from the /pub/static folder, you need to put this at the top of the htaccess file in the static folder, NOT in the top level htaccesss file which it says everywhere!!
Also wrap it in the mod header tags
Hope this helps someone, I got so stressed out with it!
I have a question.
I installed Magento 2, and created multi EsoftCage website with another domain by following documents.
I can see main website(A.com) normally, but another domain site(B.com) has some errors in console page.
Access to Font at 'https://A.com/pub/static/～' from origin 'https://B.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://B.com' is therefore not allowed access.
How can I fix it?
Please help me out.
I think you submit wrong url in search console. Try to submit Website URL in all variants.
^^ amitsankhala's post should be the accepted answer in this thread.
You really need to add Access-Control-Allow-Headers into the headers as well as allow-origin, or the CORS policy will start to fail you with messages like the following:
Access to XMLHttpRequest at 'https://static.b2b.staging245.uniform.com.au/version1667343537/frontend/Ose/Responsive/en_AU/js-translation.json' from origin 'https://b2b.staging245.uniform.com.au' has been blocked by CORS policy: Request header field x-requested-with is not allowed by Access-Control-Allow-Headers in preflight response.