Removed www from Wordpress URL, not getting CORS error

shahz

New Member
#1
Hey guys,

It's my first time trying OpenLiteSpeed and while I'm loving it, I stumbled into a little problem. By default, my Wordpress instance was using "www" in the URL. I removed it from Wordpress settings, and now I'm getting "Access to font at 'https://www.domain.com/dir/ithemes-icons.woff' from origin 'https://domain.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Weirdly enough, if I changed the URL in the settings, isn't it supposed to update all URLs accordingly? Even when I install new plugins, it's using www as the domain base url.

Hope someone can shed some light. I have read the following:

https://openlitespeed.org/kb/how-to-set-up-custom-headers/
https://openlitespeed.org/kb/setting-up-cors-on-openlitespeed/
https://openlitespeed.org/mediawiki/index.php/Help:CORS_Setup

But I'm still confused and since it might lead to security issues, I hope someone can guide me on how to solve this.

Thank you.
 

shahz

New Member
#3
Hi @Cold-Egg

Yeah, I did update both Home URL and Site URL indeed. I have LiteSpeed Cache, and I have purged done "Empty entire cache" under Toolbox, but the error still persists.
 

shahz

New Member
#5
Hey @Cold-Egg

Apologies for the delayed response. Right now, I have a code snippet that redirects http and/or https along with www to always point to https without www:
Apache config:
### Rewrite HTTP and WWW to HTTPS and non-WWW
RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R,L]
### End HTTP and WWW rewrite
I also realized that I have two other http to https redirects added by wordpress and a plugin:
Code 1:
Apache config:
### Forcing HTTPS rule start
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
### Forcing HTTPS rule end
Code 2:
Apache config:
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
</IfModule>
Which one should I keep and which one should I remove?
 

Cold-Egg

Administrator
#6
Hi,

This one looks good to me,
Code:
RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R,L]
this part can be removed,
Code:
### Forcing HTTPS rule start
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
### Forcing HTTPS rule end

No comment on this authentication part. not relate to the HTTP/HTTPS redirect.
Code:
    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
 
Top