CORS wierd problem

Hi again :slight_smile:

I hope this time any one can answers me :sweat_smile:

I recorded this --> video <-- to explain my problem.

when I navigates from link to another sometimes CORS error fires and prevent fetching of this page

image

I tried many options to enable the CORS as https://github.com/ahmadawais/WP-REST-Allow-All-CORS plugin

OR

adding code in functions.php file

// Hook.
add_action( 'rest_api_init', 'wp_rest_allow_all_cors', 15 );
/**
* Allow all CORS.
*/
function wp_rest_allow_all_cors() {
    // Remove the default filter.
    remove_filter( 'rest_pre_serve_request', 'rest_send_cors_headers' );
    // Add a Custom filter.
    add_filter( 'rest_pre_serve_request', function( $value ) {
        header( 'Access-Control-Allow-Origin: *' );
        header( 'Access-Control-Allow-Headers: *' );
        header( 'Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE' );
        header( 'Access-Control-Allow-Credentials: true' );
        return $value;
    });
}

But without any help.

PLEASE help me guys.

Hi @modyydom

  1. Could you post the code in your component that you are having problems with?

  2. Are you sure that the links are redirecting to the correct URL? In your video I noticed in the console that the data has a value of {is404: true} when you click on one of the hyperlinks. It would also be helpful if you could rerecord the screencast with the URL visible in the browser.

  3. I see that you are making the request from localhost to a remote server (which I assume is your production or staging environment). Could you confirm for me that the changes that youā€™ve been making to your backend (e.g in the .php file) are actually being deployed to that environment?

Itā€™s hard to tell whatā€™s wrong without knowing whatā€™s going on in your WP but here are some ideas:

Check the headers of those responses to see if CORS headers are present. As an example, when requesting https://test.frontity.io/wp-json/wp/v2/pages?_embed=true&slug=about-us these are the headers I get:


I think this is the default behavior.

If those headers are not present then the code you added to functions.php isnā€™t working. Why? Iā€™d guess something is overriding those headers.

Try to see what filters are making use of that same hook in case one of them comes after yours and changes that. I simple test would be to add to your functions.php something like this:

add_action( 'rest_api_init', function() {
    global $wp_filter;
    var_dump($wp_filter['rest_pre_serve_request']);
}, 99 );

This will print on the responseā€™s body something like:

object(WP_Hook)#251 (5) {
  ["callbacks"]=>
  array(1) {
    [10]=>
    array(2) {
      ["_oembed_rest_pre_serve_request"]=>
      array(2) {
        ["function"]=>
        string(30) "_oembed_rest_pre_serve_request"
        ["accepted_args"]=>
        int(4)
      }
      ["rest_send_cors_headers"]=>
      array(2) {
        ["function"]=>
        string(22) "rest_send_cors_headers"
        ["accepted_args"]=>
        int(1)
      }
    }
  }
  ["iterations":"WP_Hook":private]=>
  array(0) {
  }
  ["current_priority":"WP_Hook":private]=>
  array(0) {
  }
  ["nesting_level":"WP_Hook":private]=>
  int(0)
  ["doing_action":"WP_Hook":private]=>
  bool(false)
}

Where you can see the callbacks registered to act on that hook.
If everything looks fine there the overriding might be happening somewhere else.

You can also try to hook your code in functions.php to rest_pre_echo_response which I think is the last hook before the response is sent:

add_action('rest_api_init', 'my_prefix_wp_rest_allow_all_cors');

function my_prefix_wp_rest_allow_all_cors() {
    add_filter( 'rest_pre_echo_response', function( $value ) {
        header( 'Access-Control-Allow-Origin: *' );
        header( 'Access-Control-Allow-Headers: *' );
        header( 'Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE' );
        header( 'Access-Control-Allow-Credentials: true' );
        return $value;
    });
}

Hope anything of this helps.

3 Likes

YOU ARE THE BEST

thank you very muck @orballo

:ok_hand: :+1: :muscle: :heart:

1 Like

Sorry for that @orballo

but the error appears again

this time I noticed something weird

the rejected request is missing many headers

valid request :

invalid request:

I donā€™t know if this has any significance ??

Do the posts and pages from before work now? Or is it still the same error?

If not, what are you trying to call? Can you post here the failing request?

if you are on page http://localhost:3000/ and then clicked on a link with href="/about-us/" the error appears

the request is
http://wp-local.com/wp-json/wp/v2/pages/?_embed=true&slug=about-us

I run into a similar problem and I realised it was because I was working on localhost, maybe itā€™s your case too. I guess your web is only able to show the pages and posts that have been fetched from the server. The ones you try to fetch from localhost return that error.

In order to ā€œsolveā€ it I installed this Chrome extension, moesif, and turned it to on. It doesnā€™t solve the problem but it lets you see the whole web from local. Once you deploy your app to a real domain, the CORS problems should be solved. You could test it by deploying it to a different domain than the real one (like the one Zeit Now gives you by default, mysite.now.sh).

This guy here explains it much better.

Not sure if itā€™s your case, let us know if you find it helpful.

1 Like

This is really a very frustrating error.

thanks guys for all this support :star_struck:

It looks like the path of the failing request is not /pages but /. And for what I know the only calls that should be done are to /posts and /pages, so it looks like you are doing an extra request for some reason that is failing.

Can you post the code where you are doing this fetchs? Is it in a Link component? Are you doing it manually from somewhere else? Did you wrote any custom handler on your Frontity project that might be interfering?

EDIT: I see you marked @SantosGuillamot response as solution. Is it working now?

Weā€™ve seen this problem too last week.

It looks like WordPress returns an error for urls ending with a slash:
...wp/v2/posts/?_embed...
and it doesnā€™t return an error for urls not ending with a slash:
...wp/v2/posts?_embed...

@modyydom could you please confirm if thatā€™s the case? The Chrome devtools in our case looked identical to yours. And if thatā€™s the case, where are you hosting your WP? Is it a one-click install of DigitalOcean?

Hi @luisherranz

In my case it is completely the opposite :sweat_smile:

you can see that with slash it is ok and without it throws an error

Iā€™m using Local by FlyWheel as my wordpress server that runs nginx

I donā€™t know it these info is helpful

BUT thank you for your care guys, you are the greatest.

Ok, I see, thanks.

Maybe itā€™s a problem with the 301 redirections of Apache/Nginx (in our case we use Apache) not having the CORS headers.

  • Apache/Nginx find a URL without ending slash.
  • It returns a 301 redirect to the same URL with ending slash.
  • The CORS header are added in WordPress, but the 301 redirect never reaches WordPress because itā€™s done by Apache/Nginx.
  • The response receive by Chrome doesnā€™t contain CORS and Chrome stops the request.

This is only a hypothesis, I havenā€™t tested it, but itā€™s the only explanation that comes to my mind right now.

What happens if you add the CORS headers in Nginx instead of in WordPress? Does it solve the issue?

     if ($request_method = 'GET') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Headers' '*';
        add_header 'Access-Control-Allow-Methods' 'POST, GET, OPTIONS, PUT, DELETE';
        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
     }

https://enable-cors.org/server_nginx.html

@modyydom Iā€™ve been able to reproduce the problem. Itā€™s something going on with the REST API - Head Tags plugin. If you turn it off, it should work again.

Weā€™re going to investigate the issue, open a bug and solve it as soon as possible.

1 Like

Exactly, I can confirm That.

Every many CORS errors are working well now, BUT not all especially when moving from page to another.

Thanks and I really hope to be solved :rocket:

1 Like

Can you please share the issue ticket here so I can subscribe to it as I canā€™t find it on github

Thanks in advance @luisherranz :smiley:

Hi, Iā€™d the same problem (we talked 'bout that here => Categories, Tags and Author archive gone to 404 error).

Iā€™ve find out two things:

  • the Rest API plugin problem, as luisherrant already said
  • some operations on WP REST that broke CORS

In fact, Iā€™d a custom function active on many installation, that I totally forgot, that was meant to add some rest functionality, but in fact it added some CORS headers that locked some interaction in a silly way as is doing on you.

Try disabling all plugins, mu-plugins and custom theme to check if thereā€™s something that is going on in your installation.

Iā€™d a similar problem even on a blank installation, but, as I said in the other post, the problem is related to the category SLUG that must be ā€œcategoryā€ to let Frontity fetch categories data, not CORS.

Screenshot_20200126_184540

1 Like

Here you have it: https://github.com/frontity/wp-plugins/issues/20

1 Like

You can change it using categoryBase :slight_smile:

Iā€™ve answered to you in the original post: Categories, Tags and Author archive gone to 404 error

1 Like

Hey, we have fixed the issue and released a new version. :rocket:

@modyydom, could you update the REST API - Head Tags plugin and check if the errors appear now?

2 Likes