Bruce Gust
asked on
My CSS files are being blocked by a CORS policy. How do I fix that?
Here's my homepage (http://new.brucegust.com/):
If I go to the "Dashboard" (after you login):
I lose my pink header as well as some styling.
When you pop the hood, you see this error:
Access to CSS stylesheet at 'http://nomas.site/assets/bodybg/bg1.css' from origin 'http://new.brucegust.com' has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space `local`.
nomas.site/assets/bodybg/bg1.css:1 Failed to load resource: net::ERR_FAILED
home:1 Access to CSS stylesheet at 'http://nomas.site/assets/color/pink.css' from origin 'http://new.brucegust.com' has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space `local`.
nomas.site/assets/color/pink.css:1 Failed to load resource: net::ERR_FAILED
home:1 Access to CSS stylesheet at 'http://nomas.site/assets/bodybg/bg1.css' from origin 'http://new.brucegust.com' has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space `local`.
home:1 Access to CSS stylesheet at 'http://nomas.site/assets/color/pink.css' from origin 'http://new.brucegust.com' has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space `local`.
So, for some reason, some of my CSS files are being blocked by a CORS policy.
What is that, why does it not show up on other pages and how do I fix it?
Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You're referencing files as https:// protocol, rather than https:// so CORS will fail.
The fix...
Change all URLs to //path-to-file, so no http:// + no https:// + no host/domain name.
If you use this policy, then your CORS problems will disappear + also site migration (changing host/domain name) will be trivial.