Cross-Origin XMLHttpRequest

When activating the mdp-connect plugin, I received an error that wouldn’t allow files loaded from other domains. Here’s how I fixed it.

Here’s the initial error I received on the page that needed to load files via JavaScript:

Access to XMLHttpRequest at '' from origin '' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

To fix it, add the following to your .htaccess file to allow these files to be loaded from other domains:

<IfModule mod_headers.c>
  <FilesMatch "\.(css|js|json|xml|html)$">
    Header set Access-Control-Allow-Origin "*"

In that bit of code I’m allowing files with the specified extensions. You can add/remove from that as needed.

This code has been added (in this example) to the .htaccess for both and I recommend this be added by default moving forward.

By Sharon

Hello there! I'm a web developer in Louisville, Kentucky. I started on this career path by purchasing an O’Reilly PHP book from Barnes & Noble in 1999. Since then, my desire to learn as much as I can about web site building and server maintenance has grown. I love technology and what it can do to simplify our lives and make it more interesting all at the same time. Seeing a creative design come to life and bringing it into the web world is my favorite puzzle to solve. My server experience is based around launching WordPress-friendly servers — Linux (Ubuntu and Centos flavors), Apache, MySQL, and PHP. I have worked with various modules, extensions, installs such as ImageMagick, LetsEncrypt, Sass, LESS, and the Homebrew family of extension. My main love has been with PHP, and my CMS of choice has been WordPress since its inception in 2003. I find it flexible, secure, easy to design around, and so customizable. My strengths are in developing from-scratch plugins and themes for the WordPress CMS with a strong background in PHP and MySQL development.

Leave a comment

Your email address will not be published. Required fields are marked *