Not working due to cross origin headers

I have a tricky problem I can’t figure out a solution for that is stopping Multisite Theme Manager from working. I am using Cloudflare flexible SSL so I have my site’s URL using the www like “” but the actual site URL is “” so subsites are “” and not “”.

Everything works fine but it seems that WordPress will forward the network admin panel to (without the www). This causes a problem because the plugin is trying to load scripts and work with the www domain, so it won’t work due to cross domain policy.

I have granted support access. To reproduce this error go to themes inside the network admin and then click “edit details” and try to add a new category. Look in the JavaScript console and you will see the cross domain error.

I have tried to fix this by using a htaccess rule:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^ [NC]
RewriteRule ^(.*)$$1 [L,R=301]

The problem with this is that when this rule is active, network level actions like creating a subsite don’t work and I get the “are you sure you want to do this?” message because internally WordPress seems to want the domain to be

I also gave this rule a quick go:

<IfModule mod_headers.c>
<FilesMatch "\.(php|js)$">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
</IfModule>

I know this is a bad idea, but I wanted to see if it worked, but I think my web host doesn’t allow this as it didn’t change anything.

Getting everything working smoothly with Cloudflare flexible SSL has been a bit of a pain but right now everything is working perfectly apart from plugins that affect the network admin page.

Any ideas on how to fix this?

  • Michael Bissett
    • Recruit

    Hey Mike, Michael here!

    The trick here is that the admin URL for your main site (which is what Multisite Theme Manager is referencing, via the admin_url function) has www forced, and there’s no network equivalent version of admin-ajax.php (there’s talk of it, but no implementation of it).

    The plugin code could be altered to fit this, granted, but I would like to ask how essential it is to have www in the address, if I may. If it’s really essential, then you’ll want to edit this:


    Changing line 283 from this:

    'ajax_url' => admin_url( 'admin-ajax.php', $protocol ),

    To this:

    'ajax_url' => '//',

    This is not my first option, and it’s something you’re going to have to re-apply each time the plugin’s updated. But that’s a way you can try to get around this.

    Kind Regards,
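
An added example, not part of the original thread or the plugin's code: it shows why the www and non-www hosts count as different origins for the `ajax_url` request, and how a server can answer with an exact-match origin allowlist instead of the `*` header tried in the first post. The `example.com` hosts are constructed placeholders (the thread's real domains are not shown) and the function names are hypothetical.

```javascript
// Constructed placeholder origins; substitute the site's real apex and www hosts.
const ALLOWED_ORIGINS = new Set([
  "https://example.com",
  "https://www.example.com",
]);

// Resolve an AJAX URL the way the browser does, relative to the page that
// loads it, and report whether the request would be cross-origin.
// A protocol-relative URL ("//host/path") inherits the page's scheme.
function isCrossOrigin(pageUrl, ajaxUrl) {
  const page = new URL(pageUrl);
  const target = new URL(ajaxUrl, page);
  // Origin = scheme + host + port; "www.example.com" != "example.com".
  return page.origin !== target.origin;
}

// Build the CORS response headers for a request's Origin header value.
// Browsers send the serialized origin (no path, lowercase host), so an
// exact string match against the allowlist is sufficient and strict.
function corsHeadersFor(originHeader) {
  if (typeof originHeader !== "string" || originHeader === "null") {
    return {}; // missing or opaque origin: send no CORS headers
  }
  if (!ALLOWED_ORIGINS.has(originHeader)) {
    return {}; // unknown origin: the browser blocks the response
  }
  return {
    // Echo the single matching origin. "*" cannot be combined with
    // credentialed (cookie-bearing) requests and opens every origin.
    "Access-Control-Allow-Origin": originHeader,
    "Access-Control-Allow-Credentials": "true",
    // Tell caches the response differs per requesting origin.
    Vary: "Origin",
  };
}

// Page on the apex host calling the www host: cross-origin.
console.log(isCrossOrigin(
  "https://example.com/wp-admin/network/themes.php",
  "https://www.example.com/wp-admin/admin-ajax.php"));
// Same page with a protocol-relative URL on its own host: same-origin.
console.log(isCrossOrigin(
  "https://example.com/wp-admin/network/themes.php",
  "//example.com/wp-admin/admin-ajax.php"));
console.log(corsHeadersFor("https://example.com"));
console.log(corsHeadersFor("https://example.com.attacker.test"));
```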


  • Mike
    • The Bug Hunter

    Hi Michael,

    Thanks for getting back to me.

    I am using Cloudflare flexible SSL and I remember having an issue that was related to not having the WWW in the URL but I can’t remember exactly what it was. As soon as I change something to fix one thing it opens up an issue in another thing. I’ve been in circles a few times now.

    I will set the site back to not using the www and see what breaks then report back 🙂
