Removed www from Wordpress URL, not getting CORS error

[shahz]

Hey guys,

It's my first time trying OpenLiteSpeed and while I'm loving it, I stumbled into a little problem. By default, my Wordpress instance was using "www" in the URL. I removed it from Wordpress settings, and now I'm getting "Access to font at 'https://www.domain.com/dir/ithemes-icons.woff' from origin 'https://domain.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Weirdly enough, if I changed the URL in the settings, isn't it supposed to update all URLs accordingly? Even when I install new plugins, it's using www as the domain base url.

Hope someone can shed some light. I have read the following:

https://openlitespeed.org/kb/how-to-set-up-custom-headers/
https://openlitespeed.org/kb/setting-up-cors-on-openlitespeed/
https://openlitespeed.org/mediawiki/index.php/Help:CORS_Setup

But I'm still confused and since it might lead to security issues, I hope someone can guide me on how to solve this.

Thank you.

 

[Cold-Egg]

Hi,

Have you updated both Home URL and Site URL from www.domain.com to domain.com?
If you have cache enabled, please do a purge all.

Hope above method helps.

 

[shahz]

Hi @Cold-Egg

Yeah, I did update both Home URL and Site URL indeed. I have LiteSpeed Cache, and I have purged done "Empty entire cache" under Toolbox, but the error still persists.

 

[Cold-Egg]

Do you have any rewrite rules in .htaccess file?
Any URL we can take a look?

 

[shahz]

Hey @Cold-Egg

Apologies for the delayed response. Right now, I have a code snippet that redirects http and/or https along with www to always point to https without www:

### Rewrite HTTP and WWW to HTTPS and non-WWW
RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R,L]
### End HTTP and WWW rewrite

I also realized that I have two other http to https redirects added by wordpress and a plugin:
Code 1:

### Forcing HTTPS rule start
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
### Forcing HTTPS rule end

Code 2:

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
</IfModule>

Which one should I keep and which one should I remove?

 

[Cold-Egg]

Hi,

This one looks good to me,

RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R,L]

this part can be removed,

### Forcing HTTPS rule start
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
### Forcing HTTPS rule end

No comment on this authentication part. not relate to the HTTP/HTTPS redirect.

    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

 

[shahz]

Roger that.. Thank you @Cold-Egg
That was very helpful ^^