blocked by CORS policy: No 'Access-Control-Allow-Origin' header ERROR

Question

Im having issues when accessing certain pages with the "www." in the URL. I have an online form for users to fill out although when accessed using the www. infront of the URL, errors show in the form & certain icons will not show and out coupons will not work properly.

Inspecting through google chrome > console this error has shown: Access to font at 'https://adventurethon.com.au/wp-content/plugins/WP_Estimation_Form/assets/fonts/fa-solid-900.ttf' from origin 'https://www.adventurethon.com.au' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Functioning URL (with no www.): https://adventurethon.com.au/east-gippsland-registration/ Incorrect functioning URL (with www.): https://www.adventurethon.com.au/east-gippsland-registration/

Is there a way to make sure that users are always redirected to the correct URL so these errors don't show? Or we will continue to have on-going errors when users are trying to sign up.

I am a web designer, still a bit new at the whole development side of things so easy to follow instructions would be much appreciated!

I have been in contact with plugin support as we thought it was a plugin issue although it was not. I also contacted hosting support although they are not willing to assist in fixing the issue.

Thank you! Beck

Answer 1

CORS (Cross-Origin Resource Sharing) stops other origins from being able to use your assets.

The www and non-www versions of your website are two different origins (domains) and the www version is trying to access files from the non-www version, which is being disallowed by your server.

There's a few ways you could proceed:

1. Redirect all traffic to one version; Apache .htaccess example
2. Adjust the CORS policy - you can do this using .htaccess or your server config files. This is a potential security threat.
3. Adjust your urls to reference the domain being visited. Presuming you're using WordPress, as tagged, this might be slightly difficult if you're using helper functions such as home_url() or template_directory_uri() as these always point to the url in your WordPress settings. You could also use an absolute-path reference (/wp-content/themes/freestyle/assets/css/elegant-icons/fonts/ElegantIcons.ttf instead of https://adventurethon.com.au/wp-content/themes/freestyle/assets/css/elegant-icons/fonts/ElegantIcons.ttf) if you have access to change this.

Your best bet would be the first option! You really shouldn't have two versions of the site accessible anyway as it counts as duplicate content for search engine bots, and WordPress isn't really configured to work on two domains.