Starting on October 19, 2021, we will enable single-sign-on for our Plesk Support Center to provide a seamless login/account experience. This implies that you’ll be able to use a single account across any of our web-facing properties.
To be prepared for this change and to avoid the need to register during your next ticket submission after the change, we encourage you to create an account here before October 19 using the same email address as your current Zendesk login (support account). It’s essential that you use the same email address on our support center to ensure that your tickets stay attached to the same account. You will continue to use ZenDesk authentication until we switch over to single-sign-on on October 19th.

How to set up CORS (cross-origin resource sharing) in Plesk for Linux?

Follow

Comments

15 comments

  • Avatar
    Alex

    This actually worked for me, had to apply rule to both apache and nginx

    0
    Comment actions Permalink
  • Avatar
    Maghreb Services SARL

    Is this still the best way to enable CORS? In Plesk Obsidian we've been able to enable CORS for both Apache and nginx (as long as Proxy mode is enabled, so not for nginx standalone) by setting additional headers in the Common Apache settings section, with this format:

    Access-Control-Allow-Origin: example1.com

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello @Maghreb,

    Thank you for sharing your user experience.

    Your solution also works fine as a server-wide one.

    However, the solution specified in the article is more flexible as allows more granular setting per domain.

    0
    Comment actions Permalink
  • Avatar
    Kingsley Felix

    How do we add this when using PLESK OBSIDIAN 

    0
    Comment actions Permalink
  • Avatar
    Denis Bykov

    @Kingsley Felix
    Exactly the same method still applies.

    0
    Comment actions Permalink
  • Avatar
    Marco Maranao

    How would you setup for multiple domains?

    0
    Comment actions Permalink
  • Avatar
    Maxim Krasikov

    Hi @Marco Maranao,

    Additional directives for Apache or Nginx can also be applied for Service Plans. In this case, the directives can be applied for multiple domains.
    Please add directives in Plesk > Service Plans > plan_name > Web Server.

    0
    Comment actions Permalink
  • Avatar
    Peter Debik

    The examples given as a solution do not seem to match the situation

    "Plesk to display content from example.org on example.com?"

    I think the examples are showing the wrong way around. They allow content from example.com to be displayed in example.org. So should the introductory phrase not be

    "Plesk to display content from example.com on example.org?"

    0
    Comment actions Permalink
  • Avatar
    Mikhail Shport

    Hello Peter Debik,

    The "Access-Control-Allow-Origin" option allows getting access to the resources of the server for defined clients.

    In that case, you are right. The next directive allows example.org to get resources from example.com:

    Header set Access-Control-Allow-Origin "http://example.org"

    Thank you for bringing our attention to this fact. We will review the article and fix it in order to make it more correct and clear.

    0
    Comment actions Permalink
  • Avatar
    Bingo (Edited )

    Why do I get this error?

    has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed.

    I tried to add Header set Access-Control-Allow-Origin "https://example.org" but it didn't worked, i still get this error.

    EDIT: I found it my self, it was already 2 times in the htaccess file, so I deleted one of the lines, and now it is working like a charm :D

    0
    Comment actions Permalink
  • Avatar
    Kernel Labs (Edited )

    Something weird I encountered in a Plesk where nginx act as a proxy for Apache :

    I added

    add_header 'Access-Control-Allow-Origin' '*'; 

    to nginx additional directives for website example.com whose static files (fonts, images) where called by example.org.

    Everything's fine for these static resources till the developer told me about a problem with his plupload implementation : the xhr sent by plupload falls in a CORS error.

    The solution was to quote the

    Header set Access-Control-Allow-Origin "*" 

    he had put in his .htaccess.
    It happens just as if htaccess instruction was in conflict with nginx instruction.

    Note :

    If .htaccess instruction is unquoted and the 'handle static resources by nginx' disabled and access control directive from nginx additional directives removed, the CORS error happens on plupload xhr and static files as well.

    Wish I understood why such a behaviour

    0
    Comment actions Permalink
  • Avatar
    Andrea Tadioli

    Hi,

    I need to set only one value:

    access-control-allow-origin: *

    and not 

    access-control-allow-origin: https://example.org

    How to?

    0
    Comment actions Permalink
  • Avatar
    Taras Ermoshin (Edited )

    Hello @Andrea Tadioli!

    You just need to replace the URL with *:

    for Apache:

    Header set Access-Control-Allow-Origin "*"

    for nginx:

    add_header 'Access-Control-Allow-Origin' '*';
    0
    Comment actions Permalink
  • Avatar
    Venkat (Edited )

    I have added this exactly as it says in both apache and ngnix but still having this issue.

    apache: Header set Access-Control-Allow-Origin "https://example.org"

    ngnix: add_header 'Access-Control-Allow-Origin' 'https://example.org';

     

    0
    Comment actions Permalink
  • Avatar
    Ikunyemi Ngor

    I added the following for both Apache and Ngnix but to no avail:

    Apache: Header set Access-Control-Allow-Origin "*"

    Ngnix: add_header 'Access-Control-Allow-Origin' '*';

    I was able to resolved the CORS issue by disabling Apache http2 module from the this instruction and removing all traces of Header set Access-Control-Allow-Origin "*" in project .htaccess files.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request