How to enable CORS?

lsfoo

Moderator
#2
Hi bantalguling,

Try creating a new context in the virtual host where you want to add the CDN support.

For the URI, use
Code:
exp: \.(gif|png|jpe?g|svg|svgz|ico|webp)$
For the location, use
Code:
$DOC_ROOT$0
(that is a zero)
And then add the extra header
Code:
Access-Control-Allow-Origin "*"
Let me know if this works/doesn't work.

Hope this helps,
Kevin
 
#3
The type is Static? Accessible is Yes? I added webfont extension (woff, ttf) because these are the problem, images loaded fine.

Restart the server again > Purge the CDN (I use NetDepot) > checked blog and still not loaded.

Then run command:
Code:
curl -I http://cdn.example.com/wp-includes/images/smilies/frownie.png
Just to test is the header added. First is still 404 because the CDN is still not repopulated its cache after purging, then this is the result:

Code:
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 05 Aug 2015 14:17:11 GMT
Content-Type: image/png
Content-Length: 1007
Connection: keep-alive
Last-Modified: Sun, 02 Aug 2015 15:12:39 GMT
Cache-Control: max-age=406856, public
Expires: Mon, 10 Aug 2015 07:18:07 GMT
Set-Cookie: visid_incap_555580=mcFDWg4PQlObftRoKOH9zecawlUAAAAAQUIPAAAAAAB1eN1Avog7s+NBQ03nGxec; expires=Fri, 04 Aug 2017 08:34:50 GMT; path=/; Domain=.example.com
Set-Cookie: incap_ses_208_555580=Oyu9Boye109s1rQDQ/fiAucawlUAAAAAgBfRFCnJhg5qFeS/hPkgJg==; path=/; Domain=.example.com
Set-Cookie: ___utmvmoOuDofa=YkmpGxUuyIE; path=/; Max-Age=900
Set-Cookie: ___utmvaoOuDofa=lwBWMwD; path=/; Max-Age=900
Set-Cookie: ___utmvboOuDofa=NZH
  XYCOvals: DtO; path=/; Max-Age=900
X-Iinfo: 4-1977710-0 0CNN RT(1438784231160 0) q(0 -1 -1 -1) r(0 -1)
X-CDN: Incapsula
X-Cache: MISS
X-Storage: 205.251.145.3:8001
X-Edge-IP: 205.251.145.3
X-Edge-Location: Newark, US
Edit:

I will disable Incapsula first, maybe they strip the header. I will report later.
 

lsfoo

Moderator
#4
Correct to both.

Based on your output, if it is possible to do so, could you do the following steps?

1. Enable Debug Log
2. Restart Server
3. Make the same request as above
4. If limited on space, disable debug log and restart server again.
5. Check the error.log in SERVER_ROOT/logs to see how the request was received and handled.

If it is possible, it would help if you sent us the debug log. If you are not comfortable uploading it to the forum, just send it to me in an email, kfwu at litespeedtech dot com

Also, as an aside, another way to check if OLS added the header correctly is to use curl to access a file using the virtual host's ip:port (This tip is based on the server header. If nginx is used as a front end, it should have passed the header along, so this is to eliminate a possible variable)

Let me know of any updates,
Kevin
 
#6
Hi Bantalguling,

If you are able to get the server back up and running, please try to get the debug log. With it, we should be able to determine what is going on when you try to make the request.

Best,
Kevin
 

lsfoo

Moderator
#7
Hi Bantalguling,

I know this is an old issue, but if you are still trying to get CORS working, we may have a workaround solution.

It seems like for CORS to work, the OPTIONS request has to be handled first.

If you are using 1.4 and you installed via source, you will need to apply a small patch to remove returning 405 on an OPTIONS request. 1.3 should also be patch-able, but I did not test it, so I cannot confirm.

As well, you will need to try another rewrite rule.

Please see the response here to see the changes needed to fix the issue.

Cheers,
Kevin
 
Top