OJS3: No Access-Control-Allow-Origin header is present on the requested resource (Chrome)

Vitaliy · September 7, 2016, 8:00pm

I have noticed an issue with not displaying OJS correctly in Chrome Browser.
Checked page source in Chrome and get this message:

Font from origin [my domain name] has been blocked from loading by Cross-Origin Resource Sharing policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin [my domain name] is therefore not allowed access.

Also thumbnails near “search” menu and in the top right corner of the admin page are not shown correctly. On firefox all works fine.

Vitaliy · September 7, 2016, 8:10pm

quick reply

The problem seems to be in my apache domain configuration. Not to OJS3.

Vitaliy · September 7, 2016, 10:44pm

Problem solved by adding following line to apache configuration file in apache2/sites-available/ :

<IfModule rewrite_module>
            RewriteEngine On
            RewriteBase /
            RewriteCond %{HTTP_HOST} ^www.mydomainname.com$ [NC]
            RewriteRule ^(.*)$ http://mydomainname.com/$1 [R=301,L]
 </IfModule>

NateWr · September 8, 2016, 4:38pm

Glad you were able to get it worked out and thanks for reporting back on a fix in case anyone else runs into this issue.

Adminojs · November 15, 2016, 5:18am

Can You tell me Location apache configuration؟

ctgraham · November 15, 2016, 1:38pm

Apache is configured by a series of conf files which live outside of the web root. For example, in RHEL these usually start with /etc/httpd/conf/httpd.conf, which then references /etc/httpd/conf.d/*.conf, etc. Apache can be further configured with .htaccess files which live inside of the web root.

Either the main configuration files or the .htaccess overrides can be used to make a mod_rewrite rule such as this (provided .htaccess overrides are allowed by the main configuration files).

See: Configuration Files - Apache HTTP Server Version 2.4

vvucic · February 9, 2017, 11:12pm

We have those issues with several installations that in some browsers icons are visible and in some not. I think that is needed to double check is it apache configuration. If apache does not allow something how some browsers can get icons while other browsers can’t. ?
I think that this issue deserves more detailed examination.

Thanks

Vitaliy · February 10, 2017, 6:59am

Hi @vvucic,

It`s up to the browser how to deal with this cross-domain request.

vvucic · February 10, 2017, 10:58pm

The same browser sees icons on one system and on the other server the same browser does not see icons. Thus, I have doubts that it is issue of browser. the same results with Firefox, Seamonkey and Chromium.
Please advise

vvucic · February 11, 2017, 12:43am

When I addedd:
Header set Access-Control-Allow-Origin “*”
to .htaccess everything worked well.
It is important that be precise what is error message in console in inspect element.
I have had
CORS header ‘Access-Control-Allow-Origin’ missing
and fixed it with above mentioned statement.
It is fixed now.

Vitaliy · February 11, 2017, 6:20am

Hi @vvucic,

Adding Access-Control-Allow-Origin: * is not a very good idea. With this line you allow to all domains to get content from your site.

vvucic · February 11, 2017, 8:34am

However,

It is possible to to like this:
https://www.w3.org/TR/cors/#access-control-allow-origin-response-header
point 5.1

And also this one can be helpful: <FilesMatch "\.(ttf|ttc|otf|eot|woff)$"> <IfModule mod_headers> Header set Access-Control-Allow-Origin "*" </IfModule> </FilesMatch>

Vitaliy · February 11, 2017, 9:20am

@vvucic,

Access-Control-Allow-Origin: * Gives a permissions for other domains to get all your content to their site. Embed your css, javascript etc.

Do you really understand the reason why icons are not displayed in case, which I described?
The browser simply thinks that www.mydomainname.com and mydomainname.com are 2 “separate” sites

vvucic · February 11, 2017, 12:22pm

I tried your solution but it did not work. Thus, I reduced to type of file that is related to webfonts only. I will investigate further, but the solution that reduce filetype to webfonts is relatively safe and and its working.

Vitaliy · February 11, 2017, 12:55pm

Hmm,

It is strange. My solution is aimed to tell the browser, that this 2 requests are pointing to the same site. In your solution you tell the browser that this 2 requests are really pointing to the different sites and it must deal with it.

If the first solutions is not working for you, maybe it will be better at least to change "*" to you domain name, where problem occurs?

Halim_Kusuma_Wardana · July 1, 2020, 11:27pm

hi vitaliy

i have problem on my OJS. My OJS doesn’t display glyphicons. When I checked at the postman console it turned out that I still had access to localhost, even though OJS had been uploaded to the subdomain. The following error message:

localhost: 82 / sntt2020 / plugins / themes / bootstrap3 / bootstrap / fonts / glyphicons-halflings-regular.woff2: 1 Failed to load resource: net :: ERR_CONNECTION_REFUSED

diegojmacedo · April 28, 2022, 5:44pm

This apache configuration solved my issue.

thanks,
@Vitaliy

rcgillis · May 2, 2022, 11:00am

This topic was automatically closed after 2 days. New replies are no longer allowed.