Welcome! Log In Create A New Profile

Advanced

Cors problems

Posted by zeux 
Cors problems
March 24, 2020 05:14AM
Hi,

I have a site in wordpress (say www.example.com) with subdomains for varius languages, (say en.example.com, fr.example.com) and I need that Cors works correctly for all my subdomains but the browsers (Chrome, Firefox) return the following error:

"Access to font at 'https://www.example.com/wp-content/themes/example/fonts/fontawesome-webfont.woff2?v=4.5.0' from origin 'https://en.example.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource."

My server conf is:


server {
listen 80;
server_name www.example.com example.com;
server_name en.example.com fr.example.com de.example.com;
#return 301 https://www.example.com$request_uri;
return 301 https://$host$request_uri;
}


server {

listen 443 ssl;
server_name www.example.com example.com en.example.com fr.example.com de.example.com;
root /webServer/siti/exampleCOM;

allow all;
#deny all;

ssl on;
ssl_certificate /etc/ssl/certs/example.crt;
ssl_certificate_key /etc/ssl/private/example.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 90m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;

include /etc/nginx/conf.d/redirections/rewriteexampleCOM;
include /webServer/sites/exampleCOM/nginx.conf;

# CORS START

set $origin_http "";

if ($http_origin ~* (.*\.example.com)) {
set $origin_http "*";
}

if ($http_origin ~* (.*\.google.com)) {
set $origin_http "*";
}

if ($http_origin ~* (.*\.twitter.com)) {
set $origin_http "*";
}

if ($http_origin ~* (.*\.facebook.com)) {
set $origin_http "*";
}

if ($http_origin ~* (.*\.facebook.net)) {
set $origin_http "*";
}

# CORS END

location /wp-content {
# CORS START
add_header 'Access-Control-Allow-Credentials' 'false' always;
add_header "Access-Control-Allow-Origin" "$origine_http" always;
add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD" always;
add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept" always;
# CORS END
}

location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml|woff2|woff|ttf)$ {
# CORS START
add_header 'Access-Control-Allow-Credentials' 'false' always;
add_header "Access-Control-Allow-Origin" "$origine_http" always;
add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD" always;
add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept" always;
# CORS END
}


location / {
try_files $uri $uri/ /index.php?$args;

# CORS START
add_header 'Access-Control-Allow-Credentials' 'false' always;
add_header "Access-Control-Allow-Origin" "$origin_http" always;
add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD" always;
add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept" always;
# CORS END

expires off;
}


######################
# Permalinks

if (!-e $request_filename) {
rewrite ^/files(.*) /wp-includes/ms-files.php?file=$1 last;

rewrite ^(/[^/]+)?(/wp-.*) $2 last;
rewrite ^(/[^/]+)?(/.*.php) $2 last;

rewrite ^.*$ /index.php last;
}

# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}

# Make sure files with the following extensions do not get loaded by nginx because nginx would display the source code, and these files can contain PASSWORDS!
location ~* \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ {
return 444;
}

#nocgi
location ~* \.(pl|cgi|py|sh|lua)\$ {
return 444;
}

#disallow
location ~* (roundcube|webdav|smtp|http\:|soap|w00tw00t) {
return 444;
}

location ~ /(\.|wp-config\.php|readme\.html|license\.txt) {
deny all;
}

location ~ /\. {
access_log off;
log_not_found off;
deny all;
}
# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;

location ~ \.php$ {
expires off; ## Do not cache dynamic content
# SECURITY : Zero day Exploit Protection
try_files $uri =404;
# ENABLE : Enable PHP, listen fpm sock
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# PHP 5.6
#fastcgi_pass unix:/var/run/php/php5.6-fpm-example.sock;
# PHP 7.3
fastcgi_pass unix:/var/run/php/php7.3-fpm-exampleCOM.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param HTTPS $fastcgi_https;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_read_timeout 360;

# CORS START
add_header 'Access-Control-Allow-Credentials' 'false' always;
add_header "Access-Control-Allow-Origin" "$origin_http" always;
add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD" always;
add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept" always;
# CORS END

}
}

Where do I make errors?

Thank you
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 64
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready