I have created many WordPress sites and there is something I was never able to fix.
When you have two domains for the same website (such as www.example.com and www.example.fr) only one shows correctly and the alternative doesn't show it's images.
I guess this is a common problem that might happen to a lot of you. Any idea to help me fix it ?
First, check that both WordPress Address (URL) and Site Address (URL) are set properly in
wp-admin/ >> Settings >> General
If that is not the case, see the error messages in the console:
(index):1 Font from origin 'http://draidel.com' has been blocked from
loading by Cross-Origin Resource Sharing policy: No
'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'http://draidel.com.ar' is therefore not allowed
access.
You can resolve this by adding the following to you .htaccess
Header add Access-Control-Allow-Origin "draidel.com"
You may need to change the permissions of .htaccess as WordPress loves to change it randomly.
Related
I currently have a web app running in containers with the access-control-allow-origin header correctly configured on it. However, when I check the front door in front of this web app, the same header has the option '*' -- accepting all types of requests, differently from the configured one.
How do I get the front door to propagate this web app header?
Here is the official document about this: Azure Front Door Rule Set
On Azure Front Door, you can create a rule in the Azure Front Door
Rules Set to check the Origin header on the request. If it's a valid
origin, your rule will set the Access-Control-Allow-Origin header with
the correct value. In this case, the Access-Control-Allow-Origin
header from the file's origin server is ignored and the AFD's rules
engine completely manages the allowed CORS origins.
Doris lv's previous answer is correct but I would also like to point out some things:
Be careful not to add the slash (/) at the end of the URL -- I had that added that's why didn't work:
After creating the rule, go to Front Door designer (FDD) and link this new rule with some of the routing rules available
Also in FDD, click on the Purge button clean the previous cache and load the new configurations
Another important thing is that I had to do this configuration due to HDCL AppScan saying that the Access-Control-Allow-Origin header was too permissive; that being said, the scan pointed that the Java Scripts files had this problem which they didn't, only the CSS and TFF files had this header. A closer look at the scan report pointed out that what's was going on is that the Vary header had the value Origin in it, making the scan report a Cross-Origin Resource Sharing (CORS) issue. To fix this just add a new rule in the Rule engine configuration removing this header just like shown:
After this, the scan didn't report any more issues
Suppose I have a web application at origin.com. When I browse origin.com it request cross-site data from datafeed.origin.com. I have following written in .htaccess of datafeed.origin.com Header set Access-Control-Allow-Origin origin.com. Everything works perfectly till this point.
What I need is protect datafeed.origin.com. How can I prevent this domain from browsing directly from browser or any other application. Only allow access when cross referencing from origin.com.
You can specify the origin when setting the Access-Control-Allow-Origin header:
Access-Control-Allow-Origin: <origin>[, <origin>]*
Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
Looking at your post it looks like you've done this, so cross origin requests should fail from other domains
While I was working on my app I began getting this error:
XMLHttpRequest cannot load https://npmcdn.com/ng2-img-cropper/index.js. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access.
I was thinking about what's causing the error. I know there is a https://npmcdn.com/** url, so it's probably not in my computer, but I just wanted to be sure.
Also, I've tried accessing the site directly from the browser and everything works as it should. It gives me back the script etc. It's just weird for me because I was actually working with Access-Control-Allow-Origin on my back-end when I began getting this one, but I've tried to comment out everything and I still get it. I was considering something happened because of my .htaccess file, that I was editing too. May I know your opinion what's going on here? Is it possible my computer or connection is causing it?
UPDATE
The problem I have is with node_module ng2-img-cropper. I didn't want to publish it before I wasn't sure it's not an issue on my side. I found out that this node_module is using the old npmcdn.com website to load it's files. It always calls npmcdn.com which redirects it to unpkg.com. Next, if you try GET Request on npmcdn.com it redirect you to the unpkg.com and even though it gives me all the data, and headers are set, it probably checks the headers from the npmcdn.com site and says that I'm unable to catch it. Any idea how to solve this? I was thinking about changing the config in npm, so that every node_module would call unpkg.com, and not the older one npmcdn.com. But where to find this config file?
I know npmcdn.com just moved to unpkg.com, perhaps the redirect doesn't have the header set correctly. Does pointing to unpkg.com directly work?
Your error is saying you can't do (AJAX) request throught domains. From a domain www.site-a.com you can't do a request to www.site-b.com, because this is not the same domain. This is a Web Browser security.
If you want request www.site-b.com from www.site-a.com, so www.site-a.com has to set the header 'Access-Control-Allow-Origin' to allow other domains to request it.
If you have access to https://npmcdn.com you can configure the server, else you will not be able to request it.
My only solution was not the best, but this way it worked. I copied the whole module from node_modules folder and put into my src/app/ location. Then in component I've just imported component from it's path in my app folder and added the /index so it's grabbing exports from index.ts.
I am running a MediaWiki on a VM, accessing it through http://12.34.56.78/wiki -- I was able to edit pages.
Now I've redirected my domain http://foo.org to http://12.34.56.78/wiki
http://foo.org/wiki does indeed find my wiki, but when I attempt to edit a page I get a blank page. Inspecting the console yields:
Load denied by X-Frame-Options: does not permit cross-origin framing
What is the cause of the problem? And what is the solution?
Sounds to me like you are using "frame-redirects" from http://foo.org to http://12.34.56.78/wiki. Frame redirects are a nasty hack and often cause problems, like the one above.
You should use actual http (reverse) proxying, or a domain alias (cname) and rewrite rules. The difference is that with the proxy, the data is actually traveling through an intermediate web server (the proxy), while with the cname+rewrite, it's just two names for the same box.
Have a look at https://en.wikipedia.org/wiki/URL_redirection to understand all the different kinds of forwarding and redirection.
When I load my site with WWW.example.com the custom fonts will load.
But if I just enter domain.com (without www) the fonts wont load in IE or Firefox but will in Chrome.
All my CSS files links are absolute.
Has anyone else faced this issue?
Be careful of XSS restrictions. Since you didnt say I'm assuming your links go to www.example.com instead of example.com. Browsers are wary of requesting files from other domains. You can set it to request from /path/to/css.css instead of an absolute link.
This is because of CORS (which basically means that browsers will not request resources from a server b that did not send the original document (which instead came from a server a) specifying the request, UNLESS b specifies that it will take requests that originate from a resources).
See http://www.w3.org/TR/cors/ and http://enable-cors.org/