cancel
Showing results for 
Search instead for 
Did you mean: 

Access to XMLHttpRequest redirect- Blocked by CORS policy

Access to XMLHttpRequest redirect- Blocked by CORS policy

Can anybody help me i tried adding in .htaccess file but not working


Access to XMLHttpRequest at 'https://domain.com/themelayoutpro/ajax/captcha/:_=1648568028804' (redirected from 'https://*.domain.com/themelayoutpro/ajax/captcha/?_=1648568028804') from origin 'https://*.domain.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

<IfModule mod_headers.c>
Header add Access-Control-Allow-Origin "https://*.domain.com"
Header add Access-Control-Allow-Headers "Origin, X-requested-with, Content-type, Accept, authorization"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
Header set X-UA-Compatible "IE=edge"

# `mod_headers` cannot match based on the content-type, however,
# the `X-UA-Compatible` response header should be send only for
# HTML documents and not for the other resources.
<FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
Header unset X-UA-Compatible
</FilesMatch>

## Prevent clickjacking
Header set X-Frame-Options SAMEORIGIN
</IfModule>