CORS error when subsites request Font assets from parent site

Hey there! Thanks for the great software, I’m a big fan.

I’ve got a few multisites and I get this on every single one when in the admin panel of one of my subsites:

Access to Font at 'https://site.local/app/plugins/stream/ui/stream-icons/font/stream.ttf' from origin 'https://test.site.local' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://test.cooler.local' is therefore not allowed access.

(I get one for every custom font included on the backend, depending on the plugins I have activated)

I’m thinking this would be a pretty simple change in the nginx configs, but I’m not sure where to put it.

Thanks to anyone who can provide some help! Cheers.

Hey there! Anyone have any ideas about this? I was just following up as this still doesn’t seem to be resolved (Local v2.1.2).

Hi @JulienMelissas,

So I’m not too sure where you would put the nginx config file as an override, however you could try and put a .htaccess in the root of your public folder. Some nginx configurations accept Apache style configurations, namely because of its wider acceptance.

Another thing worth considering in a multi site environment is data segregation. Are you sure that you want a plugin that is running one 1 site to appear to be accessible from another. Is there a way you could activate this plugin on a per site basis rather than network?

Give it a try and let me know how it goes.

Regards,

Phill

1 Like

Hi Julian, I think the nginx config is baked into the docker container image Local uses. I’ve managed to customize Access-Control-Allow-Origin headers for apache instances, but ran into the same limitation with nginx.

It’s worth noting that for Apache, you can update the the conf files located in /conf/apache/sites-enabled adding something like this to get past CORS errors:

Header set Access-Control-Allow-Origin “*”

2 Likes

Thanks Jason! (funny part is Jason and I work in the same office haha) I’m going to try that this week. I’m definitely interested in keeping with nginx because it’s close to our hosting environment. But maybe the .htaccess mods will work.

@Phiph – thank you for your reply earlier, sorry I’m just now getting back. A lot of the plugins are mu-plugins and yes, we actually do want the “data” to be segregated. The websites are all related so that’s actually intended behavior. Again, it works in all our live and staging environments, so I know it’s a local thing.

I’ll play around with it some more and report back

@JulienMelissas, did you ever figure out a solution for this?

I’m trying to pull in an API on a Local site right now and I’m getting a similar error. I’m just not sure where I’d add an .htaccess file (if it’d even work), or where I’d override the config files.

Thanks!

Hey @tronish1189 - I wish I could say I had, but I didn’t end up really “solving” it. That said, I don’t think I’ve experienced the issues with the newer versions of Local…

If you’re getting CORS errors with an API, they might not allow front-end API calls. Try to see if they have support for JSONp or some authentication steps you’re missing…

Thanks @JulienMelissas! I ended up using JSONp and got it working. Thanks for the reply!

You got it!

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.