How to Enable CORS

pashaali · August 11, 2023, 1:23pm

hello

in a WordPress site i have download system. when im click on download file. its give error. not start download. cors get blocked.

please help me to solve this issue. how to enable cors function in hestiacp. check screen short of error

im edit file apache2.conf

and add this

<IfModule mod_headers.c>

Header set Access-Control-Allow-Origin "*"

</IfModule>

but this is not work still unable to download file.

please urgent help thank you

note: im using cloudflare ssl

eris · August 11, 2023, 1:42pm

Create
/home/user/conf/web/domain/nginx.conf_corsheaders

And add

add_header 'Access-Control-Allow-Origin' "*" ;

And do the same for

/home/user/conf/web/domain/nginx.ssl.conf_corsheaders

pashaali · August 11, 2023, 1:54pm

after create this im, check screen short

restart server now give this error

Error: ERROR: Restart of nginx failed.

nginx not getting start…

note: im using apache2 for this site its not a issue ?

thank you so much for the help …

eris · August 11, 2023, 2:08pm

What does:

nginx -t says…

pashaali · August 11, 2023, 2:31pm

this code not working

add_header Access-Control-Allow-Origin ;

but when im add this … then restart server its restart fine.

add_header Access-Control-Allow-Origin “*”;

but still have same issue file not start download. please help

sahsanu · August 11, 2023, 2:51pm

Just in case, try to hide the header on nginx side (nginx.conf and nginx.ssl.conf) inside location / block where is the proxy_pass directive:

proxy_hide_header 'Access-Control-Allow-Origin';

Reload nginx and try again… also, remove cache or history for that site in your browser.

pashaali · August 11, 2023, 3:03pm

/home/admin/conf/web/domain.com/nginx.conf

have add in this file but

where i find the file nginx.ssl.conf …

sahsanu · August 11, 2023, 3:05pm

If you don’t have one in the same dir, then you have not enabled ssl for that site so no need to edit nginx.ssl.conf

pashaali · August 11, 2023, 3:12pm

yes im using cloudflare ssl. thats why

please check screen short did i add code on right place ? there is 2 place where is proxy_pass

thanks for help im sorry im not good in coding

sahsanu · August 11, 2023, 3:32pm

I don’t use Cloudflare so I won’t be able to help here but maybe Cloudflare is caching the headers and you would need to purge it on Cloudflare side.

Also, you could try to connect to your site directly (without Cloudflare) maybe you would need to add the ip and domain in your hosts file to be able to access and check whether it works or not. Also, if you use Firefox or Chrome you can use their dev tools to inspect the site and check the headers your browser is receiving and you will see whether the allow origin is the right one or it isn’t.

BrandCom · September 5, 2024, 7:28am

For me the solution is:

Edit /home/user/conf/web/domain/nginx.ssl.conf file, add this line under “location ~* ^.” part:

add_header Access-Control-Allow-Origin "*";

Then reload nginx, delete site cache (for example for Symfony project: php bin/console cache:clear)

Raphael · September 5, 2024, 7:38am

be sure to read the first 4-5 lines in the header of that file…

beside that, this thread is already 1 year old, please do not revive.