[ad_1]
SO i have this website for which i need a pretty hardened CORS policy, set to “same site”.
Currently it is set to “\*”. i did manage to add the site url, but now the Access Contol Allow Origin is set to \[site URL\] and “\*”.
I have tried plugins, editting htaccess file, editing the theme function.php file, apache conf files and everything i could think of.
is there any way i can get rid of the “\*” on Access Control Allow Origin?
The domain in question is https://uat.digitalimpactsquare.com/
[ad_2]
Do you know PHP and how to write a WP plugin? If yes, then make a plugin that gets the data on the server side. Create a REST endpoint on the WP API, and output the data on your own domain. Presto! No more CORS problems.
How did you set it to site url? Is the cors policy contained in the theme? Depending n the server stack there may be another file pushing the cors header – some system use a custom-redirects.php file in the site root. Without access, you’ll need to dig around to figure out how the current setup is setting *
if you are trying to pull data from external API through ajax, CORS is a problem. to solve this, do an ajax to the same site, and in the php ajax script, pull the external one through php with wp_remote_request() and output that into your ajax result.