WordPress.org

Make WordPress Core

Opened 15 months ago

Closed 15 months ago

Last modified 15 months ago

#46381 closed defect (bug) (worksforme)

WordPress multisite API CORS issue with headers (v5)

Reported by: kacalica Owned by:
Milestone: Priority: normal
Severity: trivial Version:
Component: REST API Keywords:
Focuses: rest-api Cc:

Description

When trying to call the API for posts in the new WordPress version I keep getting this error.

Access to fetch at 'http://XXX.XXX.XXX.XX/firstcivdivcareers/wp-json/wp/v2/posts/' from origin 'http://localhost:9000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

Happens even when I include the headers manually through the functions.php in the theme.

https://stackoverflow.com/questions/54890718/multisite-wordpress-api-cors-issue-with-headers-set-in-theme-v5

Originally, I believed I was doing something wrong but exhausted all options and realized it's not my multisite configuration after starting from a single site and doing a fresh install with no changes.

API should be callable otherwise it's not a useful. So I believe this is a bug due to the new upgrade in version 5. If it is I suspect plugins and sites which use the API will be breaking so I set this to major but not severe.

Adding my original SO question here for more details: https://stackoverflow.com/questions/54890718/multisite-wordpress-api-cors-issue-with-headers-set-in-theme-v5

Change History (6)

#1 @elrae
15 months ago

Can you visit the URL http://XXX.XXX.XXX.XX/firstcivdivcareers/wp-json/wp/v2/posts/ directly in your browser and get a response? If so, check to make sure it's not redirecting you to another page or needs authentication. Visit this URL when you're not logged into the admin to rule out permission issues. To verify the response of that, open chrome inspect tools, click on the network tab, load the wp-json page above, and look in the Status column. It should return a 200 status, anything else and you have issues.

Alternatively, you can try adding the following directive to your .htaccess file:

Header set Access-Control-Allow-Origin "*"

#2 @earnjam
15 months ago

The error implies it is redirecting to a different origin. So the headers wouldn’t matter in this case. For more info, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSExternalRedirectNotAllowed

You need to get rid of the redirect or point your fetch code at the destination instead.

#3 @kacalica
15 months ago

Hmm okay but why is it redirecting only when I try to reach it through fetch()/XMLHTTPREQUESTS ?
Like I said this is happening from a fresh install with nothing special being done.
Shows up in my codepen as well.

Seems like direct browser requests will render but any XMLHTTPREQUESTS are getting redirected.

I'll double check on my head and attempt to see where it redirects to.

#4 @kacalica
15 months ago

Okay, so I actually just took down my server and re-did the whole process of installation with a new IP address and that fixed it.
Must have been some weird caching issue on my side. But testing with multisite and it works fine on mine. Sorry about that and thank you guys for the responses.

#5 @kacalica
15 months ago

  • Resolution set to worksforme
  • Severity changed from major to trivial
  • Status changed from new to closed

#6 @desrosj
15 months ago

  • Milestone Awaiting Review deleted
Note: See TracTickets for help on using tickets.