Applicable to:
- Plesk for Linux
Question
How to set up cross-origin resource sharing (CORS) in Plesk to allow example.org to get resources from example.com?
Answer
Note: CORS is supported in the following browsers: Chrome 3+, Firefox 3.5+, Opera 12+, Safari 4+, Internet Explorer 8+
Warning: Only one "Access-Control-Allow-Origin" is possible to be added. For Nginx, it's required to choose if it has to be HTTP or HTTPS. And won't work if set in Nginx and in Apache.
-
Log in to Plesk on the server, where domain example.com is hosted.
-
Navigate to the tab Domains > example.com > Apache and nginx settings and add the following directives to the section Additional directives for HTTP:
CONFIG_TEXT: Header set Access-Control-Allow-Origin "http://example.org"
Additional directives for HTTPS:
CONFIG_TEXT: Header set Access-Control-Allow-Origin "https://example.org"
-
In case nginx as reverse proxy is enabled, add the following nginx directive to Domains > example.org > Apache and nginx settings > Additional nginx directives, depending on whether website works via HTTP or HTTPS :
CONFIG_TEXT: add_header 'Access-Control-Allow-Origin' 'http://example.org';
CONFIG_TEXT: add_header 'Access-Control-Allow-Origin' 'https://example.org';
-
Click Apply to save settings.
Comments
11 comments
This actually worked for me, had to apply rule to both apache and nginx
Is this still the best way to enable CORS? In Plesk Obsidian we've been able to enable CORS for both Apache and nginx (as long as Proxy mode is enabled, so not for nginx standalone) by setting additional headers in the Common Apache settings section, with this format:
Access-Control-Allow-Origin: example1.com
Hello @Maghreb,
Thank you for sharing your user experience.
Your solution also works fine as a server-wide one.
However, the solution specified in the article is more flexible as allows more granular setting per domain.
How do we add this when using PLESK OBSIDIAN
@Kingsley Felix
Exactly the same method still applies.
How would you setup for multiple domains?
Hi @Marco Maranao,
Additional directives for Apache or Nginx can also be applied for Service Plans. In this case, the directives can be applied for multiple domains.
Please add directives in Plesk > Service Plans > plan_name > Web Server.
The examples given as a solution do not seem to match the situation
"Plesk to display content from example.org on example.com?"
I think the examples are showing the wrong way around. They allow content from example.com to be displayed in example.org. So should the introductory phrase not be
"Plesk to display content from example.com on example.org?"
Hello Peter Debik,
The "Access-Control-Allow-Origin" option allows getting access to the resources of the server for defined clients.
In that case, you are right. The next directive allows example.org to get resources from example.com:
Header set Access-Control-Allow-Origin "http://example.org"
Thank you for bringing our attention to this fact. We will review the article and fix it in order to make it more correct and clear.
Why do I get this error?
has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed.
I tried to add Header set Access-Control-Allow-Origin "https://example.org" but it didn't worked, i still get this error.
EDIT: I found it my self, it was already 2 times in the htaccess file, so I deleted one of the lines, and now it is working like a charm :D
Something weird I encountered in a Plesk where nginx act as a proxy for Apache :
I added
to nginx additional directives for website example.com whose static files (fonts, images) where called by example.org.
Everything's fine for these static resources till the developer told me about a problem with his plupload implementation : the xhr sent by plupload falls in a CORS error.
The solution was to quote the
he had put in his .htaccess.
It happens just as if htaccess instruction was in conflict with nginx instruction.
Note :
If .htaccess instruction is unquoted and the 'handle static resources by nginx' disabled and access control directive from nginx additional directives removed, the CORS error happens on plupload xhr and static files as well.
Wish I understood why such a behaviour
Please sign in to leave a comment.