CORS with php (Wordpress)
The problem here seems to be that you previously had the fonts on the same domain as the WordPress installation. Now that fonts live on a different domain (and possibly different server), you need to set the Access-Control-Allow-Origin
header on the server that is handling the fonts, not the one serving WordPress.
On Nginx it would be something like:
location ~ \.(eot|ttf|otf|woff)$ { add_header Access-Control-Allow-Origin *;}
On Apache's .htaccess
it will be exactly as you did above, but you should restrict this header to font files:
AddType application/vnd.ms-fontobject .eotAddType application/x-font-ttf .ttfAddType application/x-font-opentype .otfAddType application/font-woff .woff<FilesMatch ".(eot|ttf|otf|woff)"> Header set Access-Control-Allow-Origin "*"</FilesMatch>
I had the same problem but with icons may solution at the moment is like that:
Depending on your host service you should have a .htaccess file (if it's an Apache server) in your root directory. With a Wordpress installation it's content is like that:
# BEGIN WordPress<IfModule mod_rewrite.c>Header set Access-Control-Allow-Origin "*"RewriteEngine OnRewriteBase /RewriteRule ^index\.php$ - [L]RewriteCond %{REQUEST_FILENAME} !-fRewriteCond %{REQUEST_FILENAME} !-dRewriteRule . /index.php [L]</IfModule># END WordPress
I added the line Header set Access-Control-Allow-Origin "*"
and the CORS error was gone.
I faced same issue Today and I am able to solve following linkhttps://thoughtsandstuff.com/wordpress-rest-api-cors-issues/
Add this to your WordPress function.php file and you should be set!
add_action('init', 'handle_preflight');function handle_preflight() { $origin = get_http_origin(); if ($origin === 'https://yourfrontenddomain') { header("Access-Control-Allow-Origin: yourfrontenddomain"); header("Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE"); header("Access-Control-Allow-Credentials: true"); header('Access-Control-Allow-Headers: Origin, X-Requested-With, X-WP-Nonce, Content-Type, Accept, Authorization'); if ('OPTIONS' == $_SERVER['REQUEST_METHOD']) { status_header(200); exit(); } }}add_filter('rest_authentication_errors', 'rest_filter_incoming_connections');function rest_filter_incoming_connections($errors) { $request_server = $_SERVER['REMOTE_ADDR']; $origin = get_http_origin(); if ($origin !== 'https://yourfrontenddomain') return new WP_Error('forbidden_access', $origin, array( 'status' => 403 )); return $errors;}