htaccess Access-Control-Allow-Origin

.htaccess cors cross-domain

Tzook Bar Noy · Nov 16, 2012 · Viewed 347.2k times · Source

I'm creating a script that loads externally on other sites. It loads CSS and HTML and works fine on my own servers.

However, when I try it on another website it displays this awful error:

Access-Control-Allow-Origin

Here you can see it loads perfectly: http://tzook.info/bot/

But on this other website it shows the error: http://cantloseweight.co/robot/

I uploaded the loading script to jsfiddle: http://jsfiddle.net/TL5LK/

I tried editing the htaccess file like this:

<IfModule mod_headers.c>    
    Header set Access-Control-Allow-Origin *
</IfModule>

Or like this:

Header set Access-Control-Allow-Origin *

But it still doesn't work.

Answer

Try this in the .htaccess of the external root folder :

<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
</IfModule>

And if it only concerns .js scripts you should wrap the above code inside this:

<FilesMatch "\.(js)$">
...
</FilesMatch>