OJS3: No Access-Control-Allow-Origin header is present on the requested resource (Chrome)

#1

I have noticed an issue with not displaying OJS correctly in Chrome Browser.
Checked page source in Chrome and get this message:

Font from origin [my domain name] has been blocked from loading by Cross-Origin Resource Sharing policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin [my domain name] is therefore not allowed access.

Also thumbnails near “search” menu and in the top right corner of the admin page are not shown correctly. On firefox all works fine.

Search Icons in other Journal not Viewed and then PDF files error view, no files found;
Each journal with its own domain name
Icons not visible
#2

quick reply :slight_smile:

The problem seems to be in my apache domain configuration. Not to OJS3.

Problem rendering glyphicons in ojs 3.0.0
#3

Problem solved by adding following line to apache configuration file in apache2/sites-available/ :

<IfModule rewrite_module>
            RewriteEngine On
            RewriteBase /
            RewriteCond %{HTTP_HOST} ^www.mydomainname.com$ [NC]
            RewriteRule ^(.*)$ http://mydomainname.com/$1 [R=301,L]
 </IfModule>
#4

Glad you were able to get it worked out and thanks for reporting back on a fix in case anyone else runs into this issue. :thumbsup:

#5

Can You tell me Location apache configuration؟

#6

Apache is configured by a series of conf files which live outside of the web root. For example, in RHEL these usually start with /etc/httpd/conf/httpd.conf, which then references /etc/httpd/conf.d/*.conf, etc. Apache can be further configured with .htaccess files which live inside of the web root.

Either the main configuration files or the .htaccess overrides can be used to make a mod_rewrite rule such as this (provided .htaccess overrides are allowed by the main configuration files).

See: https://httpd.apache.org/docs/current/configuring.html

#7

We have those issues with several installations that in some browsers icons are visible and in some not. I think that is needed to double check is it apache configuration. If apache does not allow something how some browsers can get icons while other browsers can’t. ?
I think that this issue deserves more detailed examination.

Thanks

#8

Hi @vvucic,

It`s up to the browser how to deal with this cross-domain request.

1 Like
#9

The same browser sees icons on one system and on the other server the same browser does not see icons. Thus, I have doubts that it is issue of browser. the same results with Firefox, Seamonkey and Chromium.
Please advise

Font awesome icon doesn't showing in ojs
#10

When I addedd:
Header set Access-Control-Allow-Origin "*"
to .htaccess everything worked well.
It is important that be precise what is error message in console in inspect element.
I have had
CORS header ‘Access-Control-Allow-Origin’ missing
and fixed it with above mentioned statement.
It is fixed now.

#11

Hi @vvucic,

Adding Access-Control-Allow-Origin: * is not a very good idea. With this line you allow to all domains to get content from your site.

#12

However,

It is possible to to like this:
https://www.w3.org/TR/cors/#access-control-allow-origin-response-header
point 5.1

And also this one can be helpful: <FilesMatch "\.(ttf|ttc|otf|eot|woff)$"> <IfModule mod_headers> Header set Access-Control-Allow-Origin "*" </IfModule> </FilesMatch>

#13

@vvucic,

Access-Control-Allow-Origin: * Gives a permissions for other domains to get all your content to their site. Embed your css, javascript etc.

Do you really understand the reason why icons are not displayed in case, which I described?
The browser simply thinks that www.mydomainname.com and mydomainname.com are 2 “separate” sites

#14

I tried your solution but it did not work. Thus, I reduced to type of file that is related to webfonts only. I will investigate further, but the solution that reduce filetype to webfonts is relatively safe and and its working.

#15

Hmm,

It is strange. My solution is aimed to tell the browser, that this 2 requests are pointing to the same site. In your solution you tell the browser that this 2 requests are really pointing to the different sites and it must deal with it.

If the first solutions is not working for you, maybe it will be better at least to change "*" to you domain name, where problem occurs?