[SOLVED] CORS: https://somesite.de VS https://www.somesite.de problem

support
1

i have a website running with nginx, i use hugo to create the static files. the baseurl is https:// www.somesite.de but when i go to that without www, it clashes because of CORS and a lot of resources can not be loaded.
so i am wondering whats the best way to solve that. i do not like a redirection from https:// to https://www with nginx. anyone an idea how to get that solved?

Access to Font at ‘…/fonts/fontawesome-webfont.woff2?v=4.4.0’ from origin ‘…’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘…’ is therefore not allowed access.

I do not want to add Access-Control-Allow-Origin ‘*’; because of security reasons.

unfortunately discourse blocks more than 2 urls, so i had to replace them with … - very intelligent to implement such blocking sh…

2

This is the sort of problem one encounters when the www is entered in the baseURL.

You either remove the www from the baseURL or redirect to one https version of your site. There is no way around it from what I know.

3

Also, you don’t need to add Access-Control-Allow-Origin ‘*’;

It can be the domain you wish to allow access.

4

Changed the baseurl to somesite.de and added in nginx the following part:
location ~* .(eot|ttf|woff|woff2)$ {
add_header Access-Control-Allow-Origin ‘https://www.somesite.de’;
}

seems to work, thanks for the info

1 Like