Hello Everyone,
I have an OJS3.3 installation with multiple journals, each with a different domain name. We can describe the actual configuration as follow:
- Index page with the url ‘https://ojs.journals.com’
- journal #1 with url ‘https://www.myjournal1.com’
- etc …
config.inc.php configuration:
- base_url = “https://ojs.journals.com”
- base_url[index] = “https://ojs.journals.com”
- base_url[myjournal1] = “https://www.myjournal1.com”
- restful_urls = On
Apache2 VH configuration:
SetEnvIf Origin "http(s)?://(ojs.journals.com|www.myjournal1.com)$" AccessControlAllowOrigin=$0
Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Header merge Vary Origin
But I’ve also tryed with a more generic ‘Header set Access-Control-Allow-Origin: “*”’
When I try to make public the myjournal1 from the ‘Hosted Journals’ page:
I have the following CORS error:
Access to XMLHttpRequest at 'https://www.myjournal1.com/api/v1/contexts/1' from origin 'https://ojs.journals.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.
because, despite being on domain ‘ojs.journals.com’ the request is made to domain ‘www.myjournal1.com’.
My question is: shouldn’t this operation be performed on ‘https://ojs.journals.com/api/v1/contexts/1’
instead of link ‘https://www.myjournal1.com/api/v1/contexts/1’?
Also because, being on a different domain, you would have to log in twice. Maybe a bug?
Thanks