Can't get CORS to work

[WebHostPro]

Well I've tried 8 different way to enable CORS now and nothing. Hopefully someone here can shed some light.

I tried this thread first: How enable CORS on Apache in WHM

Adding this to the htaccess file:

Header set Access-Control-Allow-Origin "*"


I then tried:

Header always set Access-Control-Allow-Origin "blog.webhost.pro"

--

<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>

--

nano /etc/apache2/conf.d/userdata/ssl/2_4/username/domain.com/yourinclude.conf

With the site info and headers added and rebuilt apache

--

<ifModule mod_headers.c>
Header set Access-Control-Allow-Origin: *
</ifModule>

# Images and General graphics

<FilesMatch "\.(gif|png|jpe?g|svg|svgz|ico|webp)$">
SetEnvIf Origin ":" IS_CORS
Header set Access-Control-Allow-Origin "*" env=IS_CORS
# Webfons

<FilesMatch "\.(ttf|ttc|otf|eot|woff|font.css|css|woff2)$">
Header set Access-Control-Allow-Origin "*"

This one crashed the site.
--

Add this to the function.php page:

<?php
header("Access-Control-Allow-Headers: Authorization, Content-Type");
header("Access-Control-Allow-Origin: *");
header('content-type: application/json; charset=utf-8');
?>
--

add_action('init', 'handle_preflight');
function handle_preflight() {
$origin = get_http_origin();
if ($origin === 'yourdomain.com') {
header("Access-Control-Allow-Origin: yourdomain.com");
header("Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE");
header("Access-Control-Allow-Credentials: true");
header('Access-Control-Allow-Headers: Origin, X-Requested-With, X-WP-Nonce, Content-Type, Accept, Authorization');
if ('OPTIONS' == $_SERVER['REQUEST_METHOD']) {
status_header(200);
exit();
}
}
}

----------------------------------

Nothing would get the icon images to load on our new blog theme:

Web Host Pro You can see it in the menu drop down. The theme maker said it's a cPanel issue with CORS but I'm stumped on how to fix this.

Thanks!

 

[cPRex]

Hey there! Adding the entry to the .htaccess file is all that is necessary to get that working. That's the official detail from the CORS team here:

enable cross-origin resource sharing

CORS support site

enable-cors.org

While it should be present by default, can you confirm that ea-apache24-mod_headers is present on your system?

Also, with the .htaccess entry present (no includes or other customizations), what errors related to CORS do you get from your theme?

 

[cPRex]

There is also a test at that site you can use after you'd added the .htaccess entry: test-cors.org

 

[WebHostPro]

You wouldn't happen to know how that tool works do you? It just gives an output. My output was:

Sending GET request to blog.webhost.pro

Fired XHR event: loadstart
Fired XHR event: readystatechange
Fired XHR event: readystatechange
Fired XHR event: progress
Fired XHR event: readystatechange
Fired XHR event: load

XHR status: 200
XHR status text:
XHR exposed response headers:cache-control: public, max-age=600
content-encoding: gzip
content-type: text/html
date: Mon, 26 Sep 2022 20:48:21 GMT
etag: "1rO4KQ"
expires: Mon, 26 Sep 2022 20:58:21 GMT
server: Google Frontend
x-cloud-trace-context: 91b55200c81f54fbb0cc51f395afd2d2


Fired XHR event: loadend

 

[cPRex]

No, unfortuantely I have no other details about that tool. Are those the headers you are expecting?

If not, it might be best to submit a ticket to our team so we can check your specific machine's Apache headers to see what the issue may be.