Let see what is Cross-origin resource sharing (CORS) Access-Control-Allow-Origin?

CORS stands for accessing web resources on different domains. Domain allow it by header call “Access-Control-Allow-Origin”. Like we have 2 domains domainA and domainB. Now domainA asking for a JavaScript/css file from domainB for that web browser makes a request call to domainB. If domainB has accept request like JavaScript or CSS from only domainB then domainA request will fail with an error.

Access-Control-Allow-Origin error
Error looks like this

Request block diagram looks like this

Sometime it’s happen if you send a request from http to https so in this case if http is set as origin URL in maxCDN then it’s creates error.

How can I fix this case error?

For this case it’s very simple, Just change Origin URL from http to https and issue will be resolved.

If you are using Webfonts from Google –

You can fix it in 2 ways . By .htaccess editing and by add a custom filter in theme function.php

For .htaccess method we need to add below code.

Header set Access-Control-Allow-Origin “*”

<IfModule mod_headers.c>
  <FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|font.css|css|js)$">
    Header set Access-Control-Allow-Origin "*"

For custom wordpress filter method just add below code in theme function.php

function add_a2zwp_allowed_origins($origins) {
    $origins[] = 'YOUR DOMAIN';
    return $origins;
add_filter('allowed_http_origins', 'add_a2zwp_allowed_origins');

You can also use plugin to resolve this issue but this plugin will work for ajax related call, you can download it from here WordPress Cross-Domain Access-Control-Allow-Origin Plugin.

In many cases we are using plugin for API calling sometimes not working like plugin called JSON API, for this cases we can use the below code directly in the header file or plugin file like for JSON API we need to modify this file wp-content/plugins/json-api/singletons/api.php

<?php header("Access-Control-Allow-Origin: *"); ?>

Hope this helps you to resolve the issue.

Leave a Reply

Your email address will not be published. Required fields are marked *