LiveChat
Support
Blog
Affiliates
Cross-Origin Request Error (CORS)
If you see "Cross-Origin Request Blocked" or "No 'Access-Control-Allow-Origin' header is present" in your browser console, your website is making a request to a different domain that does not allow cross-origin access.
If Your Server Needs to Allow CORS
Add the following to your .htaccess file to allow requests from any origin:
Header set Access-Control-Allow-Origin "*"
For better security, restrict it to a specific domain instead of the wildcard:
Header set Access-Control-Allow-Origin "https://requestingdomain.com"
For API or Font Requests
If you are loading fonts or making API calls across domains, you may also need to allow specific methods and headers:
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Methods "GET, POST, OPTIONS"
Header set Access-Control-Allow-Headers "Content-Type, Authorization"
If the Error Is From a Third-Party Service
If the CORS error comes from a request to someone else's server, you cannot fix it from your side. The other server's administrator needs to add CORS headers on their end. As a workaround, you can create a simple PHP proxy script on your own server that fetches the data and serves it to your frontend without triggering a cross-origin restriction.
