Error: Access to Font at 'http://www.example.com//assets/global/plugins/font-awesome/fonts/fontawesome-webfont.woff2?v=4.4.0' from origin 'http://example.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://example.com' is therefore not allowed access.
Solution:
<?php
header('Access-Control-Allow-Origin: *');
class Home extends CI_Controller {
public function index()
{
$this->load->view('master');
}
}
?>
I tried this Solution but it not working can you please help me How to resolve it? and How to remove index.php from URL?
You can add the origin of the request to the list of domains authorized to access the server's resources by adding it to the values of the Access-Control-Allow-Origin header. You can set it via the header() function of PHP (https://www.php.net/manual/fr/function.header.php).
To allow any site to make CORS requests without using the * wildcard (for example, to enable credentials), your server must read the value of the request's Origin header and use that value to set Access-Control-Allow-Origin , and must also set a Vary: Origin header to indicate that some headers are being set ...
In order to fix CORS, you need to make sure that the API is sending proper headers (Access-Control-Allow-*). That's why it's not something you can fix in the UI, and that's why it only causes an issue in the browser and not via curl: because it's the browser that checks and eventually blocks the calls.
Allowing cross-site scripting may cause security issues, try to adjust your codeigniter options;
application/config/config.php
file, $config['base_url'] = "";
and place your project folder's path as value.
$config['base_url']="http://localhost/yourProjectFolder/";
Try allowing GET & OPTIONS
<?php
header('Access-Control-Allow-Origin: *');
header("Access-Control-Allow-Methods: GET, OPTIONS");
If the above doesn't work, try allowing access to font resources via .htaccess
(for apache) or in nginx server block - add these lines:
# Apache config
<FilesMatch ".(eot|ttf|otf|woff)">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
or
# nginx config
if ($filename ~* ^.*?\.(eot)|(ttf)|(woff)$){
add_header Access-Control-Allow-Origin *;
}
Just we want add 'www' infront of domain name.
Go to application/config/config.php file,
$config['base_url']="http://yourdoamin.com";
Change to
$config['base_url']="http://www.yourdoamin.com";
Codeigniter is a cool framework to manipulate PHP, for CORS, you don't need to enable it as it has security implications, just do the following
config.php
,$config['base_url'] = "";
$config['base_url']="http://localhost/youproject/";
Save and reload your application. Your good to go
Add "Allow from all" in .htaccess
file if it still doesn't work.
<FilesMatch ".(ttf|otf|eot|woff|woff2)$">
<IfModule mod_headers.c>
Allow from all
Header set Access-Control-Allow-Origin "*"
</IfModule>
</FilesMatch>
Add this directly to your php controller file:
Header('Access-Control-Allow-Origin: *'); //for allow any domain, insecure
Header('Access-Control-Allow-Headers: *'); //for allow any headers, insecure
Header('Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE'); //method allowed
Use header() functions in your Codeigniter __construct
public function __construct()
{
parent::__construct();
$this->load->model('api_model');
$this->load->library('form_validation');
Header('Access-Control-Allow-Origin: *'); //for allow any domain, insecure
Header('Access-Control-Allow-Headers: *'); //for allow any headers, insecure
Header('Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE'); //method allowed
//Or
header('Access-Control-Allow-Origin: website_url');
header("Content-Type: application/json; charset=UTF-8");
Header('Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE'); //method allowed
}
In my experience none of this answers was usable for me and the important item missed . Using "*" is insecure.
header("Access-Control-Allow-Headers: Origin,X-Requested-With");
Every where in web , experts just hint to little and common list of this headers. If you are customized the headers for some reasons like authorization you need to use extended list like this. Use the headers related to your used options
header("Access-Control-Allow-Headers: Origin,X-Requested-With,Content-Type,Accept,Access-Control-Request-Method,Authorization,Cache-Control")
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With