error 404 while saving the settings

@mehbubrashid Thank you for bringing these issues to my attention. I understand the concerns you have regarding the plugin’s behavior and the limitations it imposes. I apologize for any inconvenience caused.

Regarding the first issue with the incorrect URL, I agree that it is essential for the plugin to support different hosting configurations, including subfolders. I will investigate the issue and work on a fix that allows the plugin to handle requests properly in various hosting environments. Please note that resolving this issue may require some development work, so I appreciate your patience.

Regarding the second issue with the website URL field, I understand your point about the use of “*” to indicate all URLs for access control headers. While it is true that “*” is a valid wildcard character for such headers, the plugin’s validation may have stricter requirements to ensure proper functionality. However, I acknowledge that the default setting of “*” within the plugin itself creates inconsistency. I will review this behavior and consider adjusting the validation to align with common practices while maintaining security measures.

Thank you for bringing these matters to my attention. I assure you that I will prioritize addressing these issues and provide a solution that improves the plugin’s compatibility and usability. If you have any further questions or suggestions, please feel free to let me know.

• This reply was modified 1 year, 8 months ago by Dev Kabir.

Hi, thanks for your quick response! I tried the plugin and the first issue stopped me right away from using the plugin. Because the first screen comes up after activating the plugin is the settings screen and i cannot save the settings. So i had to deactivate it. I guess it will be the same for a lot of users.

A small suggestion: You can host the plugin in Github if you wish. I would be happy to make pull request and contribute. Thanks again.

@mehbubrashid After investigating your concerns and taking your feedback into account, I retested the plugin thoroughly. I’m pleased to inform you that I couldn’t identify any errors or issues during my testing. It appears that the plugin is functioning correctly without any noticeable problems.

could you please specify which version of the plugin you are currently using?

It would be helpful if you could provide the version number.

If possible, could you also try using the plugin here and let me know if you encounter any specific error messages or issues?

Your feedback will assist me in understanding the problem more accurately and finding the appropriate solution.

@mehbubrashid for your second suggestion,

When you set the “Access-Control-Allow-Origin” header to “*”, it means that any website can send a request to your WordPress site and access the server’s response. This can be a potential security risk, especially if you have implemented authentication or authorization measures that rely on browser-provided elements like cookies or sessions.

The risk is higher when you allow resource sharing for all resources on your site, rather than only selected ones. However, it’s important to understand that using “Access-Control-Allow-Origin: *” is generally safe for most resources, unless those resources contain private data protected by means other than standard credentials like cookies, HTTP basic authentication, or TLS client certificates.

Considering the fact that WordPress websites are often targeted by brute force attacks, it may be advisable for WordPress users and developers to avoid allowing users to choose the “*” origin option.

Dear @mehbubrashid,

I hope this message finds you well! I wanted to inform you about the latest update for the enable-cors plugin. As per your second suggestion, I have made a significant change to the origin field. Specifically, I have eliminated the URL validation requirement, providing you with a smoother experience. If you have any further suggestions or need any assistance, please feel free to reach out. I value your feedback and are here to support you.

Hi, i am glad to know you have fixed the second issue. Thanks!

However, i have installed the plugin just now and the first issue is still there. I guess you did not test it after hosting your site in a subfolder. In my case: (localhost/etoiles).

notice the screenshot:- its sending request to localhost/wp-json which is not valid. it should send request to localhost/etoiles/wp-json.

New issue: i can see a new notice saying please update your permalink settings to Post name whereas my permalink settings is already set to post name.

I appreciate your valuable input, @mehbubrashid, and thank you for contacting me regarding the recent fix. I am pleased to learn that the second issue has been successfully resolved to meet your expectations. However, I sincerely apologize for any inconvenience you may be facing with the first issue.

Just to clarify, both of the errors you mentioned earlier are related to the same first issue. It’s important to note that currently I do not have any plans to modify the API URL structure for subfolders, as this plugin users rely on a single domain configuration.

Rest assured, I have taken note of it. If I decide to address and resolve this particular issue, I will make sure to inform you promptly.

Hi, thanks for your response. Please try to understand. A lot of developers like me or you feel the necessity of enabling cors. And not everybody of them host their site in the root. Wamp, mamp, xampp users host their site in subfolders. Its very common. The thing we are talking about is clearly a bug. Because the plugin is not sending request dynamically to the correct url..Fixing this is as simple as pointing to the proper dynamic url instead of using static url.

if you are using rest api, use get_rest_url() method to dynamically generate the request url regardless of which folder the site is hosted on. However, a cleaner approach for this is not to use rest api and make use of wordpress admin ajax. If you use admin ajax to save the settings, use admin_url( ‘admin–ajax.php’ ) to dynamically generate the request url.

Not fixing this means depriving thousands of devs like me of using the plugin. Like i said, this issue makes me failed to use the plugin at the very first phase after installing it. Hope you will understand the concern. Thanks again

Edited and added: This is NOT about multisite or multi url support. Its about fixing the current wordpress rest api url. I guess you use Local by flywheel or docker or any other one click wordpress installations. So in your case you host sites like (site1.local, site2.local etc)..so you dont face the issue. But people use wamp/xamp/mamp more than they use local. And they have to host their sites like localhost/site1, localhost/site2 etc.

• This reply was modified 1 year, 8 months ago by Mehbub Rashid.