WebHostPro

Well-Known Member
PartnerNOC
Jul 28, 2002
1,725
28
328
LA, Costa RIca
cPanel Access Level
Root Administrator
Twitter
Well I've tried 8 different way to enable CORS now and nothing. Hopefully someone here can shed some light.

I tried this thread first: How enable CORS on Apache in WHM

Adding this to the htaccess file:

Header set Access-Control-Allow-Origin "*"


I then tried:

Header always set Access-Control-Allow-Origin "blog.webhost.pro"

--

<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>

--

nano /etc/apache2/conf.d/userdata/ssl/2_4/username/domain.com/yourinclude.conf

With the site info and headers added and rebuilt apache

--

<ifModule mod_headers.c>
Header set Access-Control-Allow-Origin: *
</ifModule>

# Images and General graphics

<FilesMatch "\.(gif|png|jpe?g|svg|svgz|ico|webp)$">
SetEnvIf Origin ":" IS_CORS
Header set Access-Control-Allow-Origin "*" env=IS_CORS
# Webfons

<FilesMatch "\.(ttf|ttc|otf|eot|woff|font.css|css|woff2)$">
Header set Access-Control-Allow-Origin "*"

This one crashed the site.
--

Add this to the function.php page:

<?php
header("Access-Control-Allow-Headers: Authorization, Content-Type");
header("Access-Control-Allow-Origin: *");
header('content-type: application/json; charset=utf-8');
?>
--

add_action('init', 'handle_preflight');
function handle_preflight() {
$origin = get_http_origin();
if ($origin === 'yourdomain.com') {
header("Access-Control-Allow-Origin: yourdomain.com");
header("Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE");
header("Access-Control-Allow-Credentials: true");
header('Access-Control-Allow-Headers: Origin, X-Requested-With, X-WP-Nonce, Content-Type, Accept, Authorization');
if ('OPTIONS' == $_SERVER['REQUEST_METHOD']) {
status_header(200);
exit();
}
}
}

----------------------------------

Nothing would get the icon images to load on our new blog theme:

Web Host Pro You can see it in the menu drop down. The theme maker said it's a cPanel issue with CORS but I'm stumped on how to fix this.

Thanks!
 
Last edited by a moderator:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
13,450
2,114
363
cPanel Access Level
Root Administrator
Hey there! Adding the entry to the .htaccess file is all that is necessary to get that working. That's the official detail from the CORS team here:


While it should be present by default, can you confirm that ea-apache24-mod_headers is present on your system?

Also, with the .htaccess entry present (no includes or other customizations), what errors related to CORS do you get from your theme?
 

WebHostPro

Well-Known Member
PartnerNOC
Jul 28, 2002
1,725
28
328
LA, Costa RIca
cPanel Access Level
Root Administrator
Twitter
You wouldn't happen to know how that tool works do you? It just gives an output. My output was:

Sending GET request to blog.webhost.pro

Fired XHR event: loadstart
Fired XHR event: readystatechange
Fired XHR event: readystatechange
Fired XHR event: progress
Fired XHR event: readystatechange
Fired XHR event: load

XHR status: 200
XHR status text:
XHR exposed response headers:cache-control: public, max-age=600
content-encoding: gzip
content-type: text/html
date: Mon, 26 Sep 2022 20:48:21 GMT
etag: "1rO4KQ"
expires: Mon, 26 Sep 2022 20:58:21 GMT
server: Google Frontend
x-cloud-trace-context: 91b55200c81f54fbb0cc51f395afd2d2


Fired XHR event: loadend
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
13,450
2,114
363
cPanel Access Level
Root Administrator
No, unfortuantely I have no other details about that tool. Are those the headers you are expecting?

If not, it might be best to submit a ticket to our team so we can check your specific machine's Apache headers to see what the issue may be.