Not working due to cross origin headers

I have a tricky problem I can’t figure out solution for that is stopping multisite theme manager from working. I am using cloudflare flexible SSL so I have my sites url using the www like “https://www.domain.com” but the actual site url is “domain.com” so subsites are “subsite.domain.com” and not “subsite.www.domain.com”.

Everything works fine but it seems that WordPress will forward the network admin panel to https://domain.com (without the www). This causes a problem because the plugin is trying to load scripts and work with the www domain so it wont work due to cross domain policy.

I have granted support access. To reproduce this error go to themes inside the network admin and then click “edit details” and try to add a new category. Look in javascript console and you will see the cross domain error.

I have tried to fix this by using a htaccess rule:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^yourdomain.com [NC]
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [L,R=301]

The problem with this is that when this rule is active, network level actions like creating a subsite dont work and I get the “are you sure you want to do this?” message because internally wordpress seems to want the domain to be https://domain.com.

I also gave this rule a quick go:

<IfModule mod_headers.c>
<FilesMatch ".(php|js)$">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
</IfModule>

I know this is a bad idea but I wanted to see if it worked but I think my webhost doesn’t allow this as it didn’t change anything.

Getting everything working smoothly with cloudflare flexible SSL has been a bit of a pain but right now everything is working perfectly apart from plugins that effect the network admin page.

Any ideas on how to fix this?

  • Michael Bissett
    • Recruit

    Hey Mike, Michael here!

    The trick here is that the admin URL for your main site (which is what Multisite Theme Manager is referencing, via the admin_url function) has www forced, and there’s no network equivalent version of admin-ajax.php (there’s talk of it, but no implementation of it).

    The plugin code could be altered to fit this, granted, but I would like to ask how essential it is to have www in the address, if I may. If it’s really essential, then you’ll want to edit this:

    multisite-theme-manager/multisite-theme-manager.php

    Changing line 283 from this:

    'ajax_url' => admin_url( 'admin-ajax.php', $protocol ),

    To this:

    'ajax_url' => '//domain.com/wp-admin/admin-ajax.php',

    This is not my first option, and it’s something you’re going to have to re-apply each time the plugin’s updated. But that’s a way you can try to get around this.

    Kind Regards,

    Michael

  • Mike
    • The Bug Hunter

    Hi Michael,

    Thanks for getting back to me.

    I am using cloudflare flexible SSL and I remember having an issue that was related to not having the WWW in the URL but I can’t remember exactly what is was. As soon as I change something to fix one thing it opens up an issue in another thing. I’ve been in circles a few times now.

    I will set the site back to not using the www and see what breaks then report back :slight_smile:

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.