Wordpress site origin has been blocked by CORS policy: no 'access-control-allow-origin' after migrating site to SSL (https) certificate

Question

0.00/5 (No votes)

See more:

I have just migrated a WordPress website from HTTP to HTTPS and few pages are not migrated properly because the content is blocked due to CORS policy. the problem is two sources to qualify CORS policy error are from the same domain but just its different in security level one is HTTPS and another is HTTP.

Access to Font at 'https://kitabee.in/wp-content/themes/academia/dist/fonts/montserrat/montserrat-regular-webfont.woff2' from origin 'http://kitabee.in' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://kitabee.in' is therefore not allowed access.

How to fix?

What I have tried:

I have searched on google and stackoverflow but everyone is providing tutorial either about "how to migrate WordPress site to https" or "how to fix CORS issue".

I tried myself searching in the code where I can change the link to https so the origin becomes same but unable to locate the location.

Please suggest where in the code or WordPress admin panel I should fix this

Posted 28-Oct-17 1:38am

Hitesh Rohilla

Updated 28-Oct-17 2:25am

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

F-ES Sitecore · Answer 1 · 2017-10-28T02:25:00

Solution 1

Don't have absolute links to resources (ie ones that have the domain in them too), use ones like '/wp-content/themes/academia/dist/fonts/montserrat/montserrat-regular-webfont.woff2' instead. That way it will use the same domain and protocol that the page requesting it is.

Posted 28-Oct-17 2:25am

F-ES Sitecore