1

EDIT

I've managed to get it to work by putting the app files and the Wordpress files in seperate folders. It seems like the .htaccess information is passed through the folder when putting the app files with the .htaccess in the root. It's still unclear though why it did work on some computers in the first place...

I have 2 questions regarding a Access-Control-Allow-Origin error.

Question 1

I'm having a strange issue with an Angular website I'm building in combination with WP REST API.

When I view the website in question with my own laptop I don't get any errors. The same goes for my phone, ipad and the laptop of a friend. Some (most?) people though get a CORS error involving headers not being present (Access-Control-Allow-Origin).

I've tested this with several browsers and with several IP addresses, to exclude any interference from plugins.

So I'm wondering why I don't get these errors on some computers and do get on others.

Question 2

Of course the real question is why some (most?) people get this error.

I'm aware of the fact that you need headers for your resources and to explain what my problem is I think I have to explain my server "setup".

I have a folder on my server with the angular files in it and also the wordpress installation (in it's own folder). I'm requesting .html template files from another folder and other data from the WP REST API. When I'm adding headers via .htaccess with the code below the .html template files will be loaded correctly, but the WP REST API requests will get a multiple values error:

Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"

So it seems that WP REST API also adds a header on it's own which causes for the error.

Again, no matter what settings I'm using, a few computers will always display the website correctly.

The website in question is http://www.hostingvs.nl/testsites/zoutendijk/

Hopefully someone can help me with this issue. Thanks in advance!

Jan Zoutendijk
  • 13
  • 5

1 Answers1

0

Maybe you need to add the HEAD Request Method and should probably remove DELETE and OPTIONS since they are considered unsafe. PUT is probably unnecessary.

Header add Access-Control-Allow-Methods "GET, POST, HEAD"
Ed-AITpro
  • 310
  • 1
  • 8
  • Thank you for your reaction, I've edited the methods, but this didn't solve my problem. It is safer though! – Jan Zoutendijk Jul 05 '16 at 10:03
  • Ok well yeah at least you have eliminated several possible causes and yeah made things safer. I think the problem is this code: Header add Access-Control-Allow-Origin "*". See the examples here and specifically this statement below. – Ed-AITpro Jul 05 '16 at 17:18
  • Ok well yeah at least you have eliminated several possible causes and yeah made things safer. So I guess start eliminating your other code. See this stackoverflow topic: http://stackoverflow.com/questions/13146892/cors-access-control-allow-headers-wildcard-being-ignored maybe you need to add more or all of the Header fields? – Ed-AITpro Jul 05 '16 at 17:25
  • The other thing that could be a problem is the wilcard you are using for origin. Maybe that needs to be an explicit domain? – Ed-AITpro Jul 05 '16 at 17:27
  • I've managed to get it to work by putting the app files and the Wordpress files in seperate folders. It seems like the .htaccess information is passed through the folder when putting the app files with the .htaccess in the root. The header fields should be edited, I agree, my first goal was to make it work in the first place, and now it does :) Thanks for helping! – Jan Zoutendijk Jul 07 '16 at 12:11
  • Great Job! Yep, htaccess files are hierarchical/recursive. And yep, the optimum site structure is to compartmentalize things so that you can control things individually per site/app/etc. Another method is to create bypass RewriteRules if you cannot change the site structure: http://forum.ait-pro.com/forums/topic/htaccess-files-for-multiple-website-domains/ – Ed-AITpro Jul 07 '16 at 14:33