Post by Joe1234 » Wed Nov 08, 2023 2:22 pm

I'm having a CORS issue and my host can't seem to figure it out, and I'm hoping someone can point me in the right direction. I was literally on 3 separate chats at the same time for over an hour and they can't figure it out.

I have a problem with access control. I'm getting an error as if a value is already there, but I have no value set up in my htaccess. The header info is showing I have "a*" as the value for "Header set Access-Control-Allow-Origin" but I don't, and never have. I purged my cache, I deleted the htaccess and put a new one in with just "Header set Access-Control-Allow-Origin: *" and it still says "a*", only now it says I can't have two values being "a*" and "*". I opened up the developer console and I see it there, but I just don't know where it's coming from or how to find it, what file to look in to correct it.

When I don't put the 'Access-Control-Allow-Origin' in htaccess I get

cors-tester.html:1 Access to XMLHttpRequest at 'https://website.com/' from origin 'https://myxml.in' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains the invalid value 'a*'.
When I put the 'Access-Control-Allow-Origin' with a "*" in htaccess I get

Access to XMLHttpRequest at 'https://website.com/' from origin 'https://myxml.in' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values 'a*, *', but only one is allowed
I have another test site and that seems to work with CORS so I know it isn't a host/server issue. So how can I find this mysterious "a*"?

v3.0.3.8
I'm here for a reason, if your response is contact a/the developer, just don't reply.



Post by softmonke » Wed Nov 08, 2023 3:57 pm

Have you tried checking all the request and response headers in your browser developer console under "Network"?



Post by paulfeakins » Wed Nov 08, 2023 6:51 pm

Joe1234 wrote:
Wed Nov 08, 2023 2:22 pm
I was literally on 3 separate chats at the same time for over an hour and they can't figure it out.
So 3 separate tech support agents at the host were tweaking stuff on your server and none of them knew another was working on it? :laugh:

Seriously Joe don't do stuff like that :laugh:


Post by ADD Creative » Wed Nov 08, 2023 10:36 pm

Try doing the request on a static file, e.g. example.com/robots.txt. It would maybe at least eliminate the possibility the header is being added in PHP.


Post by Joe1234 » Thu Nov 09, 2023 2:30 pm

@softmonke
Yes, that's where I checked as well to see that there are two access controls set, one for "a*" and the other for "*".

@paul
I know, this is the first time I've done this. But I'm sooo used to them telling me it is a developer issue and having to restart a chat multiple times until I get someone that actually does the work to find it on their end, I just didn't want to bother with it this time. Juggling them was a headache in itself. For the FIRST time they were right and it was a developer issue.

@ADD_Creative
That helped

So it seems that an extension I probably installed when first starting out on the OC journey or one of the 4 developers I let in my site changed the main index and added:

header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept');
Luckily I had a beta site that was a clone of the main because I had to tear the whole thing down to find this to the point I might as well scrap it and install 3.0.3.9 and build that up as the beta to see how it works with the extensions. A horrible blessing in disguise smh.

v3.0.3.8
I'm here for a reason, if your response is contact a/the developer, just don't reply.
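
The static-file comparison and the hunt for the stray header() call described in this thread can be scripted. The following is an added example, not code from any poster or from OpenCart; the web root, the header captures and the function names are constructed for illustration, and it assumes a grep that supports --include.

```shell
#!/bin/sh
# Added example; the sample tree and header captures below are constructed.

# List file:line for every place the header can be emitted under a web root:
# PHP header() calls and Apache "Header ..." directives in .htaccess.
find_cors_sources() {
    grep -rni --include='*.php' --include='.htaccess' \
        'Access-Control-Allow-Origin' "$1" | sort
}

# Print the Access-Control-Allow-Origin value(s) found in a saved header
# capture (e.g. from `curl -sI URL > file`), joined with ", ".
acao_values() {
    tr -d '\r' < "$1" | awk '{
        name = $0; sub(/:.*/, "", name)
        if (tolower(name) == "access-control-allow-origin") {
            val = $0; sub(/^[^:]*:[ \t]*/, "", val)
            out = (n++ ? out ", " : "") val
        }
    } END { print out }'
}

# Compare a static file's headers ($1) with a PHP page's headers ($2).
classify_origin() {
    s=$(acao_values "$1"); d=$(acao_values "$2")
    if [ -z "$s" ] && [ -z "$d" ]; then echo "none"
    elif [ -z "$s" ]; then echo "php-only"
    elif [ "$s" = "$d" ]; then echo "server-config-only"
    else echo "server-config-and-php"; fi
}

# Build a constructed web root and two constructed header captures.
make_sample() {
    dir=$(mktemp -d)
    printf '%s\n' '<?php' "header('Access-Control-Allow-Origin: *');" > "$dir/index.php"
    printf '%s\n' 'Header set Access-Control-Allow-Origin "*"' > "$dir/.htaccess"
    printf 'HTTP/1.1 200 OK\r\nAccess-Control-Allow-Origin: *\r\n\r\n' > "$dir/static.hdr"
    printf 'HTTP/1.1 200 OK\r\nAccess-Control-Allow-Origin: a*\r\nAccess-Control-Allow-Origin: *\r\n\r\n' > "$dir/php.hdr"
    echo "$dir"
}

root=$(make_sample)
find_cors_sources "$root"
echo "static: $(acao_values "$root/static.hdr")"
echo "php:    $(acao_values "$root/php.hdr")"
echo "verdict: $(classify_origin "$root/static.hdr" "$root/php.hdr")"
rm -rf "$root"
```

A wildcard Access-Control-Allow-Origin that turns up in application code rather than in reviewed server configuration is worth tracing to the extension or edit that introduced it before deciding whether the site needs it at all.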

