Best IT Recipes

Htaccess Access-Control-Allow-Origin

I am creating a script that is being downloaded externally to other sites. It loads CSS and HTML and works great on my own servers.

However, when I try to use it on another website, it displays this terrible error:

Access-Control-Allow-Origin

Here you can see that it loads fine: http://tzook.info/bot/

But on this other site, an error is displayed: http://cantloseweight.co/robot/

I loaded the download script in jsfiddle: http://jsfiddle.net/TL5LK/

I tried to edit the htaccess file as follows:

 <IfModule mod_headers.c> Header set Access-Control-Allow-Origin * </IfModule>

Or like this:

 Header set Access-Control-Allow-Origin *

But that still doesn't work.

+111
access-control cors .htaccess cross-domain
Nov 16 '12 at 17:25
source share
8 answers

Try this in the .htaccess external root folder:

 <IfModule mod_headers.c> Header set Access-Control-Allow-Origin "*" </IfModule>

And if this only applies to .js scripts, you should wrap the code above:

 <FilesMatch "\.(js)$"> ... </FilesMatch>
+227
Dec 14
source share

no one says you should also have mod_headers , so if still not working, try the following:

(the following tips work on Ubuntu, do not know about other distributions)

you can check the list of loaded modules with

 apache2ctl -M

to enable mod_headers you can use

 a2enmod headers

of course, after any changes to Apache you should restart it:

 /etc/init.d/apache2 restart

Then you can use

 <IfModule mod_headers.c> Header set Access-Control-Allow-Origin "*" </IfModule>

And if mod_headers is not active, this line will do nothing. You can try to skip the if clause and simply add the Header set Access-Control-Allow-Origin "*" to your configuration, then it should throw an error during startup if mod_headers is not active.

+48
Dec 08 '13 at 11:47
source share

from my experience;

if it doesnโ€™t work from php do it in .htaccess , it worked for me

 <IfModule mod_headers.c> Header set Access-Control-Allow-Origin http://www.vknyvz.com Header set Access-Control-Allow-Credentials true </IfModule>
  • credentials can be true or false depending on your ajax request parameters
+26
Jun 14 '13 at 14:37
source share

Add the .htaccess file with the following directives to the font folder if you have problems accessing your fonts. Can be easily modified for use with .css or .js files.

 <FilesMatch "\.(eot|ttf|otf|woff)$"> Header set Access-Control-Allow-Origin "*" </FilesMatch>
+11
Apr 7 '15 at 5:46
source share

In Zend Framework 2.0, I had this problem. It can be solved in two ways .htaccess or php header, I prefer .htaccess, so I changed .htaccess from:

 RewriteEngine On RewriteCond %{REQUEST_FILENAME} -s [OR] RewriteCond %{REQUEST_FILENAME} -l [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^.*$ - [NC,L] RewriteRule ^.*$ index.php [NC,L]

to

 RewriteEngine On <IfModule mod_headers.c> Header set Access-Control-Allow-Origin "*" </IfModule> RewriteCond %{REQUEST_FILENAME} -s [OR] RewriteCond %{REQUEST_FILENAME} -l [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^.*$ - [NC,L] RewriteRule ^.*$ index.php [NC,L]

and he starts to work

+7
Jan 13 '14 at 5:40
source share

Other answers didn't work for me, here is what ended up doing the trick for apache2:

1) Turn on header modems:

sudo a2enmod headers

2) Create the file /etc/apache2/mods-enabled/headers.conf and paste:

 <IfModule mod_headers.c> Header set Access-Control-Allow-Origin "*" </IfModule>

3) Reboot the server:

sudo service apache2 restart

+6
Apr 7 '16 at 8:01
source share

By the way: the .htaccess configuration should be done on the server hosting the API. For example, you create an AngularJS application in the x.com domain and create the rest API on y.com, you need to install Access-Control-Allow-Origin "*" in the .htaccess file in the y.com root folder, not x.com: )

 <IfModule mod_headers.c> Header set Access-Control-Allow-Origin "*" </IfModule>

Also, as Lucas mentioned, make sure you enable mod_headers if you are using Apache

+4
Apr 03 '16 at 22:56
source share

Make sure you do not have a redirect. This can happen if the URL does not include a trailing slash.

See this answer for more details - stack overflow.site/questions/77396 / ...

+1
Nov 17 '16 at 19:48
source share


More articles:


All Articles