Skip to main content

Access-Control-Allow-Origin stopped working after NGINX installation

Intekhab
Access-Control-Allow-Origin has been working fine for me. I have the following on my PHP code:
It was serving fine with the server config. But after I installed nginx as reverse proxy, it is no longer working. Firefox web console shows error: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://backend.com. (Reason: CORS header "Access-Control-Allow-Origin" missing). Status code: 401.
How do I make it to work again?

Comments

4 comments

Date Votes
  • cPanelAnthony
    Hello! It looks like CORS needs to be set up differently in nginx. Does the following article help? It isn't an official cPanel article, but may have useful information.
    0
  • Intekhab
    Actually looks like the issue was due to .htaccess blocking the IP. The .htaccess there only allows access from my static IP. It was working fine with apace as it was passing my actual IP to .htaccess. But after NGINX reverse proxy it looks like it's passing server main IP to .htaccess as visitor ip. Any way to solve it by making nginx passing the visitor IP (even its behind cloudflare) to .htaccess (for require IP matching)
    0
  • cPRex Jurassic Moderator
    @Intekhab - I'm not sure about the Cloudflare side of things, but we do mention that mod_remoteip should be installed as well in our documentation here:
    0
  • uk01
    See further down here, I was using Magento and spent hours looking for the answer and tried about 500! I added to the server configs, nginx configs, top level htaccess, everything, none worked. Then found this... on 26 Jul 2018" It worked with cloudflare as soon as I added the first one (screenhot attached) ****IMPORTANT EDIT**** Do not use the solution above, I found out it's wrong. I tested with fake domains and it made no difference. Yes it gets java working but it uses x-requested-with which we are not supposed to use. Infact it's only that line which triggers the java. It is not protected with the domains. Use this... Header add Access-Control-Allow-Origin "https://*.domain.com" It took me hours and hours to get this working. A note to anyone else, if your CDN is loading from the /pub/static folder, you need to put this at the top of the htaccess file in the static folder, NOT in the top level htaccesss file which it says everywhere!! Also wrap it in the mod header tags Hope this helps someone, I got so stressed out with it!
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post