Applicable to:
- Plesk for Linux
Question
How to set up cross-origin resource sharing (CORS) in Plesk to allow example.org to get resources from example.com?
Answer
Note: CORS is supported in the following browsers: Chrome 3+, Firefox 3.5+, Opera 12+, Safari 4+, Internet Explorer 8+
Warning: Only one header Access-Control-Allow-Origin can be added. CORS will not work if the header is defined both in nginx and Apache, or twice for Apache or nginx respectively.
-
Log in to Plesk on the server where the domain example.com is hosted.
-
Go Domains > example.com > Apache & nginx Settings.
-
Add the CORS header:
-
for Apache:
Add the following line to the field Additional directives for HTTP:
Header set Access-Control-Allow-Origin "http://example.org"
Add the following line to the field Additional directives for HTTPS:
Header set Access-Control-Allow-Origin "https://example.org"
-
for nginx:
Add one of the following lines to the field Additional nginx directives, depending on whether website works via HTTP or HTTPS:
add_header 'Access-Control-Allow-Origin' 'http://example.org';
add_header 'Access-Control-Allow-Origin' 'https://example.org';
-
-
Click OK or Apply at the bottom of the page to apply the changes.
Comments
15 comments
This actually worked for me, had to apply rule to both apache and nginx
Is this still the best way to enable CORS? In Plesk Obsidian we've been able to enable CORS for both Apache and nginx (as long as Proxy mode is enabled, so not for nginx standalone) by setting additional headers in the Common Apache settings section, with this format:
Access-Control-Allow-Origin: example1.com
Hello @Maghreb,
Thank you for sharing your user experience.
Your solution also works fine as a server-wide one.
However, the solution specified in the article is more flexible as allows more granular setting per domain.
How do we add this when using PLESK OBSIDIAN
@Kingsley Felix
Exactly the same method still applies.
How would you setup for multiple domains?
Hi @Marco Maranao,
Additional directives for Apache or Nginx can also be applied for Service Plans. In this case, the directives can be applied for multiple domains.
Please add directives in Plesk > Service Plans > plan_name > Web Server.
The examples given as a solution do not seem to match the situation
"Plesk to display content from example.org on example.com?"
I think the examples are showing the wrong way around. They allow content from example.com to be displayed in example.org. So should the introductory phrase not be
"Plesk to display content from example.com on example.org?"
Hello Peter Debik,
The "Access-Control-Allow-Origin" option allows getting access to the resources of the server for defined clients.
In that case, you are right. The next directive allows example.org to get resources from example.com:
Header set Access-Control-Allow-Origin "http://example.org"
Thank you for bringing our attention to this fact. We will review the article and fix it in order to make it more correct and clear.
Why do I get this error?
has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed.
I tried to add Header set Access-Control-Allow-Origin "https://example.org" but it didn't worked, i still get this error.
EDIT: I found it my self, it was already 2 times in the htaccess file, so I deleted one of the lines, and now it is working like a charm :D
Something weird I encountered in a Plesk where nginx act as a proxy for Apache :
I added
to nginx additional directives for website example.com whose static files (fonts, images) where called by example.org.
Everything's fine for these static resources till the developer told me about a problem with his plupload implementation : the xhr sent by plupload falls in a CORS error.
The solution was to quote the
he had put in his .htaccess.
It happens just as if htaccess instruction was in conflict with nginx instruction.
Note :
If .htaccess instruction is unquoted and the 'handle static resources by nginx' disabled and access control directive from nginx additional directives removed, the CORS error happens on plupload xhr and static files as well.
Wish I understood why such a behaviour
Hi,
I need to set only one value:
and not
How to?
Hello @Andrea Tadioli!
You just need to replace the URL with *:
for Apache:
for nginx:
I have added this exactly as it says in both apache and ngnix but still having this issue.
apache: Header set Access-Control-Allow-Origin "https://example.org"
ngnix: add_header 'Access-Control-Allow-Origin' 'https://example.org';
I added the following for both Apache and Ngnix but to no avail:
Apache: Header set Access-Control-Allow-Origin "*"
Ngnix: add_header 'Access-Control-Allow-Origin' '*';
I was able to resolved the CORS issue by disabling Apache http2 module from the this instruction and removing all traces of Header set Access-Control-Allow-Origin "*" in project .htaccess files.
Please sign in to leave a comment.