htaccess Access-Control-Allow-Origin

Question

I m creating a script that loads externally on other sites  It loads CSS and HTML and works fine on my own servers   However  when I try it on another website it displays this awful error   Access-Control-Allow-Origin   Here you can see it loads perfectly  http   tzook info bot   But on this other website it shows the error  http   cantloseweight co robot   I uploaded the loading script to jsfiddle  http   jsfiddle net TL5LK   I tried editing the htaccess  file like this    lt IfModule mod headers c gt          Header set Access-Control-Allow-Origin    lt  IfModule gt    Or like this   Header set Access-Control-Allow-Origin     But it still doesn t work

User · Answer

no one says that you also have to have mod headers enabled  so if still not working  try this    following tips works on Ubuntu  don t know about other distributions   you can check list of loaded modules with   apache2ctl -M   to enable mod headers you can use  a2enmod headers   of course after any changes in Apache you have to restart it    etc init d apache2 restart   Then you can use   lt IfModule mod headers c gt      Header set Access-Control-Allow-Origin      lt  IfModule gt    And if mod headers is not active  this line will do nothing at all  You can try skip if clause and just add Header set Access-Control-Allow-Origin     in your config  then it should throw error during start if mod headers is not active

User · Answer

In Zend Framework 2 0 i had this problem  Can be solved in two way  htaccess or php header i prefer  htaccess so i modified  htaccess from   RewriteEngine On RewriteCond   REQUEST FILENAME  -s  OR  RewriteCond   REQUEST FILENAME  -l  OR  RewriteCond   REQUEST FILENAME  -d RewriteRule      -  NC L  RewriteRule      index php  NC L    to   RewriteEngine On   lt IfModule mod headers c gt      Header set Access-Control-Allow-Origin      lt  IfModule gt   RewriteCond   REQUEST FILENAME  -s  OR  RewriteCond   REQUEST FILENAME  -l  OR  RewriteCond   REQUEST FILENAME  -d RewriteRule      -  NC L  RewriteRule      index php  NC L    and it start to work

User · Answer

Make sure you don t have a redirect happening  This can happen if you don t include the trailing slash in the URL   See this answer for more detail     https   stackoverflow com a 27872891 614524

User · Answer

Try this in the  htaccess of the external root folder     lt IfModule mod headers c gt      Header set Access-Control-Allow-Origin      lt  IfModule gt    And if it only concerns  js scripts you should wrap the above code inside this    lt FilesMatch     js    gt       lt  FilesMatch gt

User · Answer

from my experience   if it doesn t work from within php do this in  htaccess it worked for me   lt IfModule mod headers c gt      Header set Access-Control-Allow-Origin http   www vknyvz com       Header set Access-Control-Allow-Credentials true  lt  IfModule gt     credentials can be true or false depending on your ajax request params

User · Answer

Add an  htaccess file with the following directives to your fonts folder  if have problems accessing your fonts  Can easily be modified for use with  css or  js files    lt FilesMatch     eot ttf otf woff    gt      Header set Access-Control-Allow-Origin      lt  FilesMatch gt

User · Answer

The other answers didn t work for me  this is what ended up doing the trick for apache2   1  Enable the headers mod   sudo a2enmod headers  2  Create the  etc apache2 mods-enabled headers conf file and insert    lt IfModule mod headers c gt      Header set Access-Control-Allow-Origin      lt  IfModule gt    3  Restart your server    sudo service apache2 restart

User · Answer

If your host not at pvn or dedicated  it s dificult to restart server   Better solution from me  just edit your CSS file  at another domain or your subdomain  that call font eot  woff etc to your origin  your-domain or www yourdomain   it will solve your problem   I mean  edit relative url on css to absolute url origin domain

User · Answer

BTW  the  htaccess config must be done on the server hosting the API  For example you create an AngularJS app on x com domain and create a Rest API on y com  you should set Access-Control-Allow-Origin     in the  htaccess file on the root folder of y com not x com      lt IfModule mod headers c gt      Header set Access-Control-Allow-Origin      lt  IfModule gt    Also as Lukas mentioned make sure you have enabled mod headers if you use Apache

[.htaccess] htaccess Access-Control-Allow-Origin

Examples related to .htaccess

Examples related to cors

Examples related to cross-domain