API Request has been blocked by CORS policy
-
I am still getting a CORS error after enabling the CORS plugin. I have https://www.shirksllc.com as an allowed website and everything checked true on the plugin.
My front end is shirksllc.com and my wordpress backend is shirksllc.net. This is the error I’m getting https://shirksllc.net/wp-json/jwt-auth/v1/token/validate’ from origin ‘https://www.shirksllc.com’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
-
Thank you for reaching out to us. I understand how frustrating CORS issues can be, especially after you’ve taken steps to configure the plugin correctly.
I wanted to let you know that we did test our plugin’s compatibility with the JWT Auth – WordPress JSON Web Token Authentication plugin, and unfortunately, it seems there are some compatibility issues. We’ve noted your issue and will prioritize making our plugin compatible in a future sprint.
In the meantime, here are some steps I would take if I were in your position:
- Check Plugin Configuration:
  - Ensure that https://www.shirksllc.com and https://shirksllc.com/ are listed as allowed origins and that the appropriate methods (GET, POST, etc.) are allowed.
- Check Server Configuration:
  - If you’re using Nginx, make sure the server configuration includes the necessary Access-Control-Allow-Origin headers. For Nginx, you would need to update the server block configuration.
- Verify WordPress REST API Headers:
  - Ensure that the REST API endpoints, particularly https://shirksllc.net/wp-json/jwt-auth/v1/token/validate, are returning the correct CORS headers. This might involve adding custom headers through your theme’s functions.php or using a plugin to modify the response headers.
- Cross-Domain Setup:
  - Since your frontend (https://www.shirksllc.com) and backend (https://shirksllc.net) are on different domains, consider setting up a proxy in your frontend application to route API requests through the same domain.
- Caching Issues:
  - Sometimes, caching plugins or server-side caching can interfere with headers. Try clearing your cache to ensure that the correct headers are being sent.
If you prefer, you can uninstall our plugin and leave a one-star review—we completely understand your frustration and appreciate your feedback as it helps us improve.
That all sounds great but I’m not too experienced with CORS stuff so could you give me some more specific steps? I’ll try to give you some more context too.
Sometimes the CORS works and sometimes it doesn’t. So for example my cart fetch is authenticated. Sometimes the CORS headers are there and it fetches correctly. And other times it says I’m missing a CORS header. So it’s not consistent.
I also added this code below to my theme’s functions.php

    function add_cors_http_header() {
        header("Access-Control-Allow-Origin: *");
    }
    add_action('init', 'add_cors_http_header');

It sounds like your CORS issue is intermittent, which can be particularly frustrating to debug. Let’s walk through some specific steps to help address the problem.
- Ensure Headers Are Consistently Set:
The code you added to your functions.php file is a good start, but it might not be hooked into the right action. The init hook may be too early in the WordPress lifecycle, which could lead to inconsistent header behavior. Try switching to the send_headers action, which is specifically designed to modify headers:

    function add_cors_http_header() {
        header("Access-Control-Allow-Origin: https://www.shirksllc.com");
        header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");
        header("Access-Control-Allow-Headers: Content-Type, Authorization");
    }
    add_action('send_headers', 'add_cors_http_header');

This will ensure that CORS headers are attached at the right point in the request lifecycle.
- Double-Check for Caching:
Caching is a common culprit when it comes to inconsistent behavior. If you have any caching plugins or server-side caching enabled, try clearing them. It’s possible that old responses (without the correct CORS headers) are being served from the cache.
- Check for Conflicting Plugins:
Some security or performance plugins can also affect header responses. Temporarily deactivate other plugins (e.g., caching, security) and see if the issue persists. If CORS behaves consistently after disabling certain plugins, you may need to adjust those plugins’ settings.
Additionally, please wait for the next sprint, as we will make sure our plugin is compatible with the JWT Auth – WordPress JSON Web Token Authentication plugin. Or you can hire a freelancer to resolve this issue.
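
Added example, not part of the thread or of either plugin: a JavaScript check that applies the browser's CORS rules to captured response headers, to see which of the header sets discussed above a given origin would pass. `corsVerdict`, `report` and the sample captures are constructed for illustration.

```javascript
// Added example: corsVerdict, report and CAPTURES are constructed for illustration.
function corsVerdict(origin, headers, { credentials = false, requestHeaders = [] } = {}) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).trim();

  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin === undefined) return "blocked: no Access-Control-Allow-Origin header";
  if (allowOrigin === "*") {
    if (credentials) return "blocked: wildcard origin with credentials";
  } else if (allowOrigin !== origin) {
    // Exact string comparison: scheme, host and port, with no trailing slash.
    return `blocked: header allows ${allowOrigin}, not ${origin}`;
  }
  if (credentials && h["access-control-allow-credentials"] !== "true") {
    return "blocked: Access-Control-Allow-Credentials is not true";
  }
  // For a preflight (OPTIONS) capture, pass the headers the real request will send.
  // "*" in Access-Control-Allow-Headers never covers Authorization.
  const allowed = (h["access-control-allow-headers"] || "")
    .split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
  for (const name of requestHeaders.map((s) => s.toLowerCase())) {
    const viaWildcard = allowed.includes("*") && !credentials && name !== "authorization";
    if (!allowed.includes(name) && !viaWildcard) return `blocked: request header ${name} not listed`;
  }
  return "allowed";
}

// Constructed captures: the header set from the send_headers snippet, a bare
// wildcard, and a response that carries no CORS headers at all.
const CAPTURES = {
  snippet: {
    "Access-Control-Allow-Origin": "https://www.shirksllc.com",
    "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
    "Access-Control-Allow-Headers": "Content-Type, Authorization",
  },
  wildcard: { "Access-Control-Allow-Origin": "*" },
  bare: { "Content-Type": "application/json" },
};

// Verdict for every capture as seen from one requesting origin.
function report(origin, options) {
  return Object.fromEntries(
    Object.entries(CAPTURES).map(([name, headers]) => [name, corsVerdict(origin, headers, options)])
  );
}
```

Calling `report("https://shirksllc.com")` shows that a header naming only the www origin does not cover the apex origin.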
I have another idea. It appears every time I get this error, it is also paired with this one. https://shirksllc.net/wp-json/jwt-auth/v1/token/validate net::ERR_FAILED 429 (Too Many Requests)
Could that mean it is a separate wordpress issue I need to resolve with someone else?
Based on what you’ve shared, it looks like the ERR_FAILED 429 (Too Many Requests) error is related to the connection between your frontend site (https://www.shirksllc.com) and backend site (https://shirksllc.net). This error typically means that the backend site is receiving too many requests in a short period of time and is temporarily blocking further requests as a precaution.
Does This Require Action from Someone Else?
Yes, this could be an issue with how the backend WordPress site is configured, but it’s not something you need to handle directly. Here’s what you can do:
- Talk to Your Frontend Developer: The 429 error may be caused by too many requests being sent from the frontend site to the backend. Your frontend developer can review how often requests are being made to the backend and whether these requests can be optimized or spaced out to avoid triggering the limit.
- Reach Out to Your Backend Host/Support: If needed, you can also check with the hosting provider or the team managing the backend site (https://shirksllc.net). They may have rate-limiting or security settings that could be adjusted to allow more requests.
Plugin and CORS:
While our plugin helps resolve CORS issues (related to allowing communication between the two sites), the 429 error is specifically related to too many requests being sent. It’s something that can be managed with adjustments to the request frequency or the server’s settings.
Feel free to forward this information to your developer or hosting provider.
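
Added example, not code from the thread or from either plugin: one way a frontend can space out calls to the validate endpoint, as suggested above. It shares one in-flight request among concurrent callers, reuses a successful result for a short time, and waits after a 429 or a failed fetch. `createTokenValidator`, `parseRetryAfter`, the 60-second reuse window, the 30-second fallback wait, and the use of POST with a Bearer token are assumptions.

```javascript
// Added example; createTokenValidator and parseRetryAfter are hypothetical names.
const VALIDATE_URL = "https://shirksllc.net/wp-json/jwt-auth/v1/token/validate";
const FALLBACK_BACKOFF_MS = 30000; // assumed wait when the server gives no usable hint

// Retry-After carries either delay-seconds or an HTTP date.
function parseRetryAfter(value, nowMs) {
  if (value == null || String(value).trim() === "") return FALLBACK_BACKOFF_MS;
  const text = String(value).trim();
  if (/^\d+$/.test(text)) return Number(text) * 1000;
  const when = Date.parse(text);
  return Number.isNaN(when) ? FALLBACK_BACKOFF_MS : Math.max(0, when - nowMs);
}

function createTokenValidator({ fetchImpl = globalThis.fetch, now = Date.now, ttlMs = 60000 } = {}) {
  const validUntil = new Map(); // token -> time until which a successful check is reused
  const inFlight = new Map();   // token -> pending promise shared by concurrent callers
  let blockedUntil = 0;         // no request is sent before this time

  const backOff = (ms, status) => {
    blockedUntil = now() + ms;
    return { ok: false, source: "network", status, retryInMs: ms };
  };

  return function validate(token) {
    const t = now();
    if ((validUntil.get(token) || 0) > t) return Promise.resolve({ ok: true, source: "cache" });
    if (blockedUntil > t) {
      return Promise.resolve({ ok: false, source: "backoff", retryInMs: blockedUntil - t });
    }
    if (inFlight.has(token)) return inFlight.get(token);

    const pending = fetchImpl(VALIDATE_URL, {
      method: "POST", // assumption: the endpoint takes POST with a Bearer token
      headers: { Authorization: `Bearer ${token}` },
    })
      .then((res) => {
        if (res.status === 429) return backOff(parseRetryAfter(res.headers.get("Retry-After"), now()), 429);
        if (res.ok) validUntil.set(token, now() + ttlMs);
        return { ok: res.ok, source: "network", status: res.status };
      })
      // A cross-origin response without CORS headers rejects the fetch, so its
      // status (429 included) is unreadable; treat the failure as a signal to wait.
      .catch(() => backOff(FALLBACK_BACKOFF_MS, 0))
      .finally(() => inFlight.delete(token));
    inFlight.set(token, pending);
    return pending;
  };
}
```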