Cross-Origin-Opener-Policy issue CDN domain JS CSS Blocked in Edit Story Screen

  • Resolved Paventhan

    (@paventhanpps)


    4 years ago

    Hello,

    Currently, I am using CDN domain in WP-Admin Screens for performance perspective.

    Web story plugin blocking CDN JS/CSS in “Add Edit Screen” screen and showing following error on Console.

    “Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep”

    As per my observation, Following header blocking Cross-origin resources.

    header( ‘Cross-Origin-Opener-Policy: same-origin’ );
    header( ‘Cross-Origin-Embedder-Policy: require-corp’ );

    Kindly guide us how to Fix this issue. Please suggest whether can we use CDN or not.

    Thanks in Advance.

    • This topic was modified 4 years ago by Paventhan.
Viewing 7 replies - 1 through 7 (of 7 total)
  • Luckyna San

    (@luckynasan)

    4 years ago

    @paventhanpps Hello and thank you for reaching out.

    If a CDN has been set up for the site, you’ll need to make sure it has the appropriate CORS configuration set on your CDN to allow for these images to be shared from your CDN to your domain.

    Specifically, the Access-Control-Allow-Originheaders on the CDN needs to be set. For example Access-Control-Allow-Origin: *

    Please reach out to your website developer or hosting provider for guidance on how to configure this.

    Thread Starter Paventhan

    (@paventhanpps)

    4 years ago

    @luckynasan Thanks a lot for quick response.

    Do we have any other alternatives instead of using this Header “Access-Control-Allow-Origin” on the CDN.

    Also, wanted to know why these kind of restriction from such screen. I didn’t faced kind of issues any other places in WP-Admin.

    Thank you!

    Luckyna San

    (@luckynasan)

    4 years ago

    @paventhanpps Web Stories video optimization features require a feature called cross-origin isolation. For this to work, external resources being loaded from a different host need to provide an Access-Control-Allow-Origin header. If your site loads JavaScript files from a different subdomain then your CDN needs to provide this Access-Control-Allow-Origin response header for all these assets so the editor can fully access them programmatically.

    Thread Starter Paventhan

    (@paventhanpps)

    4 years ago

    @luckynasan Thanks for the response.

    When I trying to disable “Web Stories video optimization” from Stories->Settings,
    Its not updating with following response.

    AJAX request details,
    POST: /wp-json/web-stories/v1/users/me/?_locale=user
    Request Body:
    {“meta”:{“web_stories_media_optimization”:false}}
    Response:
    {“code”:”rest_user_invalid_id”,”message”:”Invalid user ID.”,”data”:{“status”:404}}

    Thank you!

    Luckyna San

    (@luckynasan)

    4 years ago

    @paventhanpps Could you confirm your WordPress User Role?

    Thread Starter Paventhan

    (@paventhanpps)

    4 years ago

    @luckynasan Its Multisite setup. I have logged in with Super Admin user which not assigned with any role of the current site. Once added with administrator role, user can disable “Web Stories video optimization” feature.

    Thanks a lot for the great support.

    • This reply was modified 4 years ago by Paventhan.
    Luckyna San

    (@luckynasan)

    4 years ago

    @paventhanpps You are right – only users with Administrator roles can change that feature. Glad to hear it worked out for you! If you are otherwise happy with the plugin, we’d love to hear any feedback you wish to share in a review.

    Feel free to open a new support topic should you require any additional support. Thanks again for your topic!

Viewing 7 replies - 1 through 7 (of 7 total)

The topic ‘Cross-Origin-Opener-Policy issue CDN domain JS CSS Blocked in Edit Story Screen’ is closed to new replies.