WordPress.org

Make WordPress Core

Opened 9 months ago

Closed 9 months ago

Last modified 8 months ago

#46381 closed defect (bug) (worksforme)

WordPress multisite API CORS issue with headers (v5)

Reported by: kacalica Owned by:
Milestone: Priority: normal
Severity: trivial Version:
Component: REST API Keywords:
Focuses: rest-api Cc:
PR Number:

Description

When trying to call the API for posts in the new WordPress version I keep getting this error.

Access to fetch at 'http://XXX.XXX.XXX.XX/firstcivdivcareers/wp-json/wp/v2/posts/' from origin 'http://localhost:9000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

Happens even when I include the headers manually through the functions.php in the theme.

https://stackoverflow.com/questions/54890718/multisite-wordpress-api-cors-issue-with-headers-set-in-theme-v5

Originally, I believed I was doing something wrong but exhausted all options and realized it's not my multisite configuration after starting from a single site and doing a fresh install with no changes.

API should be callable otherwise it's not a useful. So I believe this is a bug due to the new upgrade in version 5. If it is I suspect plugins and sites which use the API will be breaking so I set this to major but not severe.

Adding my original SO question here for more details: https://stackoverflow.com/questions/54890718/multisite-wordpress-api-cors-issue-with-headers-set-in-theme-v5

Change History (6)

#1 @elrae
9 months ago

Can you visit the URL http://XXX.XXX.XXX.XX/firstcivdivcareers/wp-json/wp/v2/posts/ directly in your browser and get a response? If so, check to make sure it's not redirecting you to another page or needs authentication. Visit this URL when you're not logged into the admin to rule out permission issues. To verify the response of that, open chrome inspect tools, click on the network tab, load the wp-json page above, and look in the Status column. It should return a 200 status, anything else and you have issues.

Alternatively, you can try adding the following directive to your .htaccess file:

Header set Access-Control-Allow-Origin "*"

#2 @earnjam
9 months ago

The error implies it is redirecting to a different origin. So the headers wouldn’t matter in this case. For more info, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSExternalRedirectNotAllowed

You need to get rid of the redirect or point your fetch code at the destination instead.

#3 @kacalica
9 months ago

Hmm okay but why is it redirecting only when I try to reach it through fetch()/XMLHTTPREQUESTS ?
Like I said this is happening from a fresh install with nothing special being done.
Shows up in my codepen as well.

Seems like direct browser requests will render but any XMLHTTPREQUESTS are getting redirected.

I'll double check on my head and attempt to see where it redirects to.

#4 @kacalica
9 months ago

Okay, so I actually just took down my server and re-did the whole process of installation with a new IP address and that fixed it.
Must have been some weird caching issue on my side. But testing with multisite and it works fine on mine. Sorry about that and thank you guys for the responses.

#5 @kacalica
9 months ago

  • Resolution set to worksforme
  • Severity changed from major to trivial
  • Status changed from new to closed

#6 @desrosj
8 months ago

  • Milestone Awaiting Review deleted
Note: See TracTickets for help on using tickets.