Font From Origin Blocked By Cross-Origin Resource Sharing Policy: No 'Access-Control-Allow-Origin' Header

Looking at an evaluation of Multi-Store 4.3.5 and in particular at embedding the store in an external webpage via widget mode.

For the most part all is well other than some of the small icons not displaying on the embedded version of the site. When I inspect (in Google) I get:

Font from origin '[source site]' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '[external site]' is therefore not allowed access.

There is quite a lot on this generic error on the internet and I can see that a common solution involves ensuring that values are specified in .htaccess - in fact there is already a suitable entry in my .htaccess file on the main evaluation site.

However, the source site is a subordinate site of my main site, created as a subdomain of my main evaluation site domain. As such, it doesn't have files and such as the main site does. I'm therefore not clear where the external target would take the .htaccess instructions from and if I have the right file(s) in the right place(s).

I'm absolutely no expert in this area so would appreciate some guidance on what I need to put where to allow the externally embedded version of the source site to display properly.

While the following directive is set up in the .htaccess file of the store installation:

	
		Header set Access-Control-Allow-Origin "*"
	

the Access-Control-Allow-Origin header is not sent. Please make sure that the mod_headers module is installed on the server. We recommend that you consult the server administrators regarding this point.

Thank you for the assistance. I have checked and the module was installed:

[root@srv ~]# httpd -t -D DUMP_MODULES | grep header
Syntax OK
headers_module (shared)

Is there anything else I can try?

Given that the error message says:

Font from origin 'http://vendor2.cscart.xxxx.xx.xx' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://xxx.xxxxxxx.xx.xx' is therefore not allowed access.

...and that the subdomain vendor2.cscart...etc doesn't have folders of its own and therefore anywhere the .htaccess file can be placed, would this have anything to do with it? Or will the target site use the .htaccess file at the top level of the folder structure for the parent domain?

In other words, let's say I set up test.co.uk and use it to house the main instance of CS-Cart. I then set up a subdomain vendor.test.co.uk and reference it back to test.co.uk. Where will the target site - external.co.uk - look for the .htaccess file? test.co.uk (where it does exist) or vendor.test.co.uk (which is pointing back to test.co.uk)?

Found the answer in conjunction with my server folks:

This is a per domain configuration in nginx.

location ~* \.(eot|ttf|woff|woff2)$ {
    add_header Access-Control-Allow-Origin *;
}
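
As an added example (not from the thread or from CS-Cart), here is the same per-domain rule restricted to the embedding site instead of `*`. It uses the thread's hypothetical hostnames vendor.test.co.uk and external.co.uk; the `listen` port and `root` path are placeholders.

```nginx
# Goes in the http {} context: echo the Origin back only when it is on the allowlist.
map $http_origin $font_cors_origin {
    default                     "";            # unknown origin: header is omitted
    "http://external.co.uk"     $http_origin;
    "https://external.co.uk"    $http_origin;
}

# The rule must live in the server block that answers for the subdomain the
# fonts are requested from. When nginx serves the font files itself, Apache
# never handles the request, so the .htaccess Header directive has no effect.
server {
    listen 80;                        # placeholder
    server_name vendor.test.co.uk;    # hypothetical storefront subdomain
    root /path/to/store;              # placeholder

    location ~* \.(eot|ttf|woff|woff2)$ {
        # add_header sends nothing when its value is an empty string, so
        # origins outside the map receive no Access-Control-Allow-Origin.
        add_header Access-Control-Allow-Origin $font_cors_origin always;
        # The response now depends on the request's Origin header; tell caches.
        add_header Vary Origin always;
    }
}
```

A location that defines its own `add_header` lines does not inherit any set at the `server` or `http` level, so headers configured there must be repeated inside this block if they are still wanted. After reloading nginx, request a font file with `curl -sI -H "Origin: http://external.co.uk"` and confirm that `Access-Control-Allow-Origin` appears in the response headers.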