Blocked by CORS

Hello greetings.
Please can you help me with this problem I have.
I just uploaded a new website, and to enter the administration I must log in, when I do this the system knows that without doing anything, that is, it does not enter the dashboard.
The following message appears in the browser console:
Access to XMLHttpRequest at ‘’ from origin ‘’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
The system is in PHP, JS, CSS; MYSQL AND JASON

    Failed to load resource: net::ERR_FAILED

While not really a HestiaCP question, your answer is in the error message that you shared. You are making requests from you apex name to your www domain. Don’t do that. Pick one of those names to be the canonical name for your site and redirect visitors to it.

Thanks for answering:
I do not understand what you’re referring to:
You are making requests from your top name to your wwwdomain. Do not do that. Choose one of those names as your site’s canonical name and redirect visitors to it.
To call Users/validate is the controller and method, join the contact bse_url, and call them is called like this <?=base_url?>/Users/validate vs

Pick one and use only it. Configure your site to redirect anyone who uses the wrong one to visit the correct one. That way you won’t have any cross-origin requests.

Sorry, but I don’t understand, this redirection is done after logging in, with the login form it goes to controller Users/validate, which verifies if the credentials are in the database. If they are correct, go to Administration/home.

This same system is running on localhost, without problems.
I think we need to make changes to the Apache configuration, but I don’t really know what the files are, since I find several and I don’t know which one I should make changes to, or what the conf of the websites is, since There are multiple domains on the same server.
that is, a shared server, with HestiaPanel

You need to configure hostname redirects before you make your login requests. You cannot test that on localhost unless you have isolated DNS or a modified hosts file.

If you do not understand that, you may need to recuit an experienced webserver admin to aid you with this aspect of your project.

1 Like