Title: Dev Kabir's Replies | WordPress.org --- # Dev Kabir [ ](https://wordpress.org/support/users/devkabir/) * [Profile](https://wordpress.org/support/users/devkabir/) * [Topics Started](https://wordpress.org/support/users/devkabir/topics/) * [Replies Created](https://wordpress.org/support/users/devkabir/replies/) * [Reviews Written](https://wordpress.org/support/users/devkabir/reviews/) * [Topics Replied To](https://wordpress.org/support/users/devkabir/replied-to/) * [Engagements](https://wordpress.org/support/users/devkabir/engagements/) * [Favorites](https://wordpress.org/support/users/devkabir/favorites/) Search replies: ## Forum Replies Created Viewing 15 replies - 1 through 15 (of 79 total) 1 [2](https://wordpress.org/support/users/devkabir/replies/page/2/?output_format=md) [3](https://wordpress.org/support/users/devkabir/replies/page/3/?output_format=md) [4](https://wordpress.org/support/users/devkabir/replies/page/4/?output_format=md) [5](https://wordpress.org/support/users/devkabir/replies/page/5/?output_format=md) [6](https://wordpress.org/support/users/devkabir/replies/page/6/?output_format=md) [→](https://wordpress.org/support/users/devkabir/replies/page/2/?output_format=md) * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Enable CORS] This plugin break site in ru|su|by domains](https://wordpress.org/support/topic/this-plugin-break-site-in-rusuby-domains/) * Plugin Author [Dev Kabir](https://wordpress.org/support/users/devkabir/) * (@devkabir) * [11 months ago](https://wordpress.org/support/topic/this-plugin-break-site-in-rusuby-domains/#post-18552206) * We’ve removed the vulnerable SweetAlert2 library and released a new version of the plugin — **v2.0.2** — with the fix. Please update to the latest version as soon as possible. * Let us know if you face any further issues. We appreciate your support! * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Enable CORS] This plugin break site in ru|su|by domains](https://wordpress.org/support/topic/this-plugin-break-site-in-rusuby-domains/) * Plugin Author [Dev Kabir](https://wordpress.org/support/users/devkabir/) * (@devkabir) * [11 months ago](https://wordpress.org/support/topic/this-plugin-break-site-in-rusuby-domains/#post-18547314) * Thank you for your message and for bringing this to our attention. * We’re very sorry to hear that the plugin caused issues on your partner site. We take security very seriously. We will immediately review the SweetAlert2 library used in the plugin and check for any vulnerabilities or suspicious behavior. * If we find any problems, we’ll update the plugin to use a safe version or replace the library as needed. In the meantime, we recommend disabling the plugin on affected sites. * Thank you again for reporting this. We appreciate your help in keeping things safe. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Enable CORS] Access-control-Allow-origin missin](https://wordpress.org/support/topic/access-control-allow-origin-missin/) * Plugin Author [Dev Kabir](https://wordpress.org/support/users/devkabir/) * (@devkabir) * [1 year, 4 months ago](https://wordpress.org/support/topic/access-control-allow-origin-missin/#post-18257159) * Since we haven’t received a response from you, I’m proceeding to close this thread. Please know that you’re welcome to contribute to this thread at any time by adding your message. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Enable CORS] Access-control-Allow-origin missin](https://wordpress.org/support/topic/access-control-allow-origin-missin/) * Plugin Author [Dev Kabir](https://wordpress.org/support/users/devkabir/) * (@devkabir) * [1 year, 4 months ago](https://wordpress.org/support/topic/access-control-allow-origin-missin/#post-18252167) * Hello, * Thank you for reaching out regarding the CORS issue on your page. From the error you mentioned, it seems that the `Access-Control-Allow-Origin` header is not being sent in some cases, particularly on macOS Firefox and iOS Safari. * Here are a few steps to resolve this issue: 1. **Server Configuration:** If the plugin is set up correctly but the error persists, there might be a server-level configuration overriding the headers. Check your server’s `.htaccess` file or equivalent to confirm that there are no conflicting CORS rules. 2. **Check for HTTPS Enforcement:** Ensure that both the source and destination URLs use `https://`. Some browsers, especially Safari on iOS, enforce stricter rules for mixed-content handling. 3. **Browser-Specific Issues:** As noted, some browser variations can handle CORS differently. To address this: 4. - Ensure your WordPress site and the external API both send the `Vary: Origin` header. - Use a wildcard `*` for `Access-Control-Allow-Origin` only if your use case does not involve credentials (e.g., cookies, HTTP authentication). 5. **Debugging Tools:** Use browser developer tools or plugins to inspect the HTTP headers. Look for: 6. - `Access-Control-Allow-Origin` is present. - Any potential server-side cache interfering with the headers. 7. **Plugin Debugging:** Activate the plugin’s debugging mode if available. Alternatively, modify the code in `enable-cors.php` to log incoming requests and headers. 8. **Testing Your Setup:** Follow the steps in the `readme.txt` under the “Testing Your Setup” section to verify the functionality with a simple source-target setup. * If you’ve tried the above and still encounter the issue, let me know. I can guide you further or assist in debugging directly. * Best regards, Kabir * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Enable CORS] I want CORS to be enabled for custom endpoint](https://wordpress.org/support/topic/i-want-cors-to-be-enabled-for-custom-endpoint/) * Plugin Author [Dev Kabir](https://wordpress.org/support/users/devkabir/) * (@devkabir) * [1 year, 9 months ago](https://wordpress.org/support/topic/i-want-cors-to-be-enabled-for-custom-endpoint/#post-17972209) * Hello Vishwa, You can manually add CORS headers using a code snippet in your theme’s `functions.php` file or in a custom plugin and check if the request URI contains `/wp-content/uploads/` and, if so, adds the necessary CORS headers. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Enable CORS] API Request has been blocked by CORS policy](https://wordpress.org/support/topic/api-request-has-been-blocked-by-cors-policy/) * Plugin Author [Dev Kabir](https://wordpress.org/support/users/devkabir/) * (@devkabir) * [1 year, 9 months ago](https://wordpress.org/support/topic/api-request-has-been-blocked-by-cors-policy/#post-17968093) * Based on what you’ve shared, it looks like the `ERR_FAILED 429 (Too Many Requests)` error is related to the connection between your frontend site (`https://www.shirksllc. com`) and backend site (`https://shirksllc.net`). This error typically means that the backend site is receiving too many requests in a short period of time and is temporarily blocking further requests as a precaution. * **Does This Require Action from Someone Else?** * Yes, this could be an issue with how the backend WordPress site is configured, but it’s not something you need to handle directly. Here’s what you can do: 1. **Talk to Your Frontend Developer**: The `429` error may be caused by too many requests being sent from the frontend site to the backend. Your frontend developer can review how often requests are being made to the backend and whether these requests can be optimized or spaced out to avoid triggering the limit. 2. **Reach Out to Your Backend Host/Support**: If needed, you can also check with the hosting provider or the team managing the backend site (`https://shirksllc. net`). They may have rate-limiting or security settings that could be adjusted to allow more requests. * Plugin and CORS: * While our plugin helps resolve CORS issues (related to allowing communication between the two sites), the `429` error is specifically related to too many requests being sent. It’s something that can be managed with adjustments to the request frequency or the server’s settings. * Feel free to forward this information to your developer or hosting provider. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Enable CORS] API Request has been blocked by CORS policy](https://wordpress.org/support/topic/api-request-has-been-blocked-by-cors-policy/) * Plugin Author [Dev Kabir](https://wordpress.org/support/users/devkabir/) * (@devkabir) * [1 year, 9 months ago](https://wordpress.org/support/topic/api-request-has-been-blocked-by-cors-policy/#post-17965774) * It sounds like your CORS issue is intermittent, which can be particularly frustrating to debug. Let’s walk through some specific steps to help address the problem. 1. **Ensure Headers Are Consistently Set**: The code you added to your `functions. php` file is a good start, but it might not be hooked into the right action. The `init` hook may be too early in the WordPress lifecycle, which could lead to inconsistent header behavior. Try switching to the `send_headers` action, which is specifically designed to modify headers: * ```wp-block-code function add_cors_http_header() { header("Access-Control-Allow-Origin: https://www.shirksllc.com"); header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS"); header("Access-Control-Allow-Headers: Content-Type, Authorization"); } add_action('send_headers', 'add_cors_http_header'); ``` * This will ensure that CORS headers are attached at the right point in the request lifecycle. 2. **Double-Check for Caching**: Caching is a common culprit when it comes to inconsistent behavior. If you have any caching plugins or server-side caching enabled, try clearing them. It’s possible that old responses (without the correct CORS headers) are being served from the cache. 3. **Check for Conflicting Plugins**: Some security or performance plugins can also affect header responses. Temporarily deactivate other plugins (e.g., caching, security) and see if the issue persists. If CORS behaves consistently after disabling certain plugins, you may need to adjust those plugins’ settings. * Additionally, **please wait for the next sprint**, as we will make sure our plugin is compatible with the **JWT Auth – WordPress JSON Web Token Authentication plugin**. Or you can hire a freelancer to resolve this issue. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Enable CORS] API Request has been blocked by CORS policy](https://wordpress.org/support/topic/api-request-has-been-blocked-by-cors-policy/) * Plugin Author [Dev Kabir](https://wordpress.org/support/users/devkabir/) * (@devkabir) * [1 year, 9 months ago](https://wordpress.org/support/topic/api-request-has-been-blocked-by-cors-policy/#post-17963345) * Thank you for reaching out to us. I understand how frustrating CORS issues can be, especially after you’ve taken steps to configure the plugin correctly. * I wanted to let you know that we did test our plugin’s compatibility with the** JWT Auth – WordPress JSON Web Token Authentication** plugin, and unfortunately, it seems there are some compatibility issues. We’ve noted your issue and will prioritize making our plugin compatible in a future sprint. * In the meantime, here are some steps I would take if I were in your position: 1. **Check Plugin Configuration:** 2. - Ensure that `https://www.shirksllc.com` and `https://shirksllc.com/` is listed as an allowed origin and that the appropriate methods (GET, POST, etc.) are allowed. 3. **Check Server Configuration:** 4. - If you’re using Nginx, make sure the server configuration includes the necessary` Access-Control-Allow-Origin` headers. For Nginx, you would need to update the server block configuration. 5. **Verify WordPress Rest API Headers:** 6. - Ensure that the REST API endpoints, particularly `https://shirksllc.net/ wp-json/jwt-auth/v1/token/validate`, are returning the correct CORS headers. This might involve adding custom headers through your theme’s `functions. php` or using a plugin to modify the response headers. 7. **Cross-Domain Setup:** 8. - Since your frontend (`https://www.shirksllc.com`) and backend (`https:// shirksllc.net`) are on different domains, consider setting up a proxy in your frontend application to route API requests through the same domain. 9. **Caching Issues:** 10. - Sometimes, caching plugins or server-side caching can interfere with headers. Try clearing your cache to ensure that the correct headers are being sent. * If you prefer, you can uninstall our plugin and leave a one-star review—we completely understand your frustration and appreciate your feedback as it helps us improve. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Enable CORS] Invalid “Very” Response Header](https://wordpress.org/support/topic/invalid-very-response-header/) * Plugin Author [Dev Kabir](https://wordpress.org/support/users/devkabir/) * (@devkabir) * [1 year, 10 months ago](https://wordpress.org/support/topic/invalid-very-response-header/#post-17949002) * Got it! We’ll fix it in the next sprint. Please update your profile picture so I can acknowledge your contribution in the plugin dashboard. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Enable CORS] Invalid “Very” Response Header](https://wordpress.org/support/topic/invalid-very-response-header/) * Plugin Author [Dev Kabir](https://wordpress.org/support/users/devkabir/) * (@devkabir) * [1 year, 10 months ago](https://wordpress.org/support/topic/invalid-very-response-header/#post-17946675) * Hey [@czeideavanzadoonb](https://wordpress.org/support/users/czeideavanzadoonb/) * Thank you for bringing this to our attention! * The value `Origin` is correct, as it specifies that the response varies based on the `Origin` header in the request. For more details, please review this paragraph: [MDN Documentation on Vary Header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Vary#header-name:~:text=list%20of%20request%20header%20names). * Thank you for helping us improve the plugin! * Best regards, * Dev * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Enable CORS] Blocked by CORS on custom endpoint](https://wordpress.org/support/topic/blocked-by-cors-on-custom-endpoint/) * Plugin Author [Dev Kabir](https://wordpress.org/support/users/devkabir/) * (@devkabir) * [1 year, 10 months ago](https://wordpress.org/support/topic/blocked-by-cors-on-custom-endpoint/#post-17936872) * Your code has a syntax error and the flow needs improvement. Adding some hooks and filters will help make it work. It might be best to hire an expert developer to resolve this issue. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Enable CORS] Not Passing CORS Tester Website Check](https://wordpress.org/support/topic/not-passing-cors-tester-website-check/) * Plugin Author [Dev Kabir](https://wordpress.org/support/users/devkabir/) * (@devkabir) * [1 year, 10 months ago](https://wordpress.org/support/topic/not-passing-cors-tester-website-check/#post-17897796) * Since we haven’t received a response from you, I’m proceeding to close this thread. Please know that you’re welcome to contribute to this thread at any time by adding your message. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Enable CORS] Not Passing CORS Tester Website Check](https://wordpress.org/support/topic/not-passing-cors-tester-website-check/) * Plugin Author [Dev Kabir](https://wordpress.org/support/users/devkabir/) * (@devkabir) * [1 year, 10 months ago](https://wordpress.org/support/topic/not-passing-cors-tester-website-check/#post-17893735) * Please try setting it up like this. [https://snipboard.io/iHK0SQ.jpg](https://snipboard.io/iHK0SQ.jpg) * If it doesn’t work, hire a professional to solve the issue. - This reply was modified 1 year, 10 months ago by [Dev Kabir](https://wordpress.org/support/users/devkabir/). * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Enable CORS] Not Passing CORS Tester Website Check](https://wordpress.org/support/topic/not-passing-cors-tester-website-check/) * Plugin Author [Dev Kabir](https://wordpress.org/support/users/devkabir/) * (@devkabir) * [1 year, 10 months ago](https://wordpress.org/support/topic/not-passing-cors-tester-website-check/#post-17892886) * Hello Donal, * Thank you for reaching out. * Could you please try resetting the plugin to its default settings and then check if your site passes the CORs test? If it still doesn’t pass, it might indicate that this plugin is not suitable for your site configuration. In that case, you may consider uninstalling the plugin. * Please let us know how it goes. * Best regards, * Dev * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Enable CORS] Issue with fonts](https://wordpress.org/support/topic/issue-with-fonts-2/) * Plugin Author [Dev Kabir](https://wordpress.org/support/users/devkabir/) * (@devkabir) * [1 year, 11 months ago](https://wordpress.org/support/topic/issue-with-fonts-2/#post-17843451) * If the plugin isn’t working on your site, please uninstall it, as it’s not designed for your site. Feel free to leave a one-star review if you find it appropriate. Viewing 15 replies - 1 through 15 (of 79 total) 1 [2](https://wordpress.org/support/users/devkabir/replies/page/2/?output_format=md) [3](https://wordpress.org/support/users/devkabir/replies/page/3/?output_format=md) [4](https://wordpress.org/support/users/devkabir/replies/page/4/?output_format=md) [5](https://wordpress.org/support/users/devkabir/replies/page/5/?output_format=md) [6](https://wordpress.org/support/users/devkabir/replies/page/6/?output_format=md) [→](https://wordpress.org/support/users/devkabir/replies/page/2/?output_format=md)