Hi
I am having issues with the “Access-Control-Allow-Origin”.
I use _headers file for my cors which has always worked fine.
I now have “has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.” messages.
I have read other posts etc and added in the below, but it still doesnt work. I have tried it at the top or bottom of the _headers file and still is the same.
my _headers file is like the below, I have removed the headers line as has all my domains in it, but my is the origin line not working?
I have tried it just with * or “*” variations but doesn’t work.
/*
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: frame-src 'self' https://form.jotform.com https://*.example.com
Access-Control-Allow-Origin: *
Thanks in advance.