Xenforo No 'Access-Control-Allow-Origin' header is present on the requested resource

rdan · Aug 10, 2015

I'm using Cloudflare CDN for static content, now I have some issue with XMG Video icons.
Live demo here.

I got this error on Browser Console.

Font from origin 'http://static.xxx.xxx' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'XXX.xxx - Official .XXX Directory' is therefore not allowed access.
Click to expand...

On my Nginx config, I even have this:
Code:
location ~* \.(eot|svg|ttf|woff|woff2)$ {
    add_header 'Access-Control-Allow-Origin' '*';
    add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    access_log off;
    expires 30d;
    break;
        }
XenForo thread: No 'Access-Control-Allow-Origin' header is present on the requested resource | XenForo Community

eva2000 · Aug 10, 2015

Header probably needs to be added at Cloudflare level. I know KeyCDN does it at their level so you can edit the CORS policy for KeyCDN served files.

Does CloudFlare support Cross-origin resource sharing (CORS)? – CloudFlare Support

CloudFlare supports CORS and operates in the following way:

The CloudFlare CDN identifies cache items based on the Host Header + Origin Header + Path and Query, which supports different objects using the same host header, but different origin headers

CloudFlare passes Access-Control-Allow-Origin header through unaltered from the origin server to the browser

If you have having trouble seeing the CORS headers that you have added to your web server, you should read Why can't I see my CORS headers?
Click to expand...

rdan · Aug 10, 2015

I hope you will upgrade your XMG addon here also, the latest RC1 with video upload so that we can test if keycdn support it.

eva2000 · Aug 10, 2015

RoldanLT said: ↑

I hope you will upgrade your XMG addon here also, the latest RC1 with video upload so that we can test if keycdn support it.
Click to expand...

latest when stable comes

Why can't I see my CORS headers? – CloudFlare Support

As covered in our article Does CloudFlare support Cross-origin resource sharing (CORS)? we offer support for CORS headers. Access-Control-Allow-Origin headers are often applied to cacheable content - font files, for example.

A web server will often respond with different Access-Control-* headers depending on the Origin header the browser sends in the request, and for that reason these requests are cached separately to each other.

If you have added or changed your CORS configuration on your web server, purging the CloudFlare cache by URL will not show you the latest headers. To force CloudFlare to retrieve the new version of the file, you can do one of two things:

1. Change the filename or URL - this will bypass the cache and CloudFlare will retrieve the latest headers immediately.

2. Purge everything and update the Last-Modified timestamp on your web server. Completing a full CDN purge will force CloudFlare to revalidate any items in its cache, but for this to get the new version of the file, you may need to update your server's last-modified time for the file. You can do this by running touch at the command line on the file e.g. "touch yourfile.extension" or by re-uploading the file via your FTP client.

Details on Purge Everything is here:

How do I purge my cache? – CloudFlare Support

A future version of our API will allow URL purging for the different CORS requests to make this process easier.
Click to expand...

Log in / Register

Forums

Join the community today

Xenforo No 'Access-Control-Allow-Origin' header is present on the requested resource

rdan Well-Known Member

eva2000 Administrator Staff Member

rdan Well-Known Member

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Join the community today

Xenforo No 'Access-Control-Allow-Origin' header is present on the requested resource

rdan Well-Known Member

eva2000 Administrator Staff Member

rdan Well-Known Member

eva2000 Administrator Staff Member

.