I have upgraded my website from magento 2.4.3 to 2.4.5 and now I am getting the issue Access to XMLHttpRequest at from origin has been blocked by CORS policy issue
I have a multi store setup and have tried a number of solutions.
These are the URLs of my store
https://www.nonnon.co.uk/ (Default store)
https://www.zaxyshoes.co.uk/
https://ipanemaflipflops.co.uk/
I am getting this issue on
zaxyshoes.co.uk and
ipanemaflipflops.co.uk
Default store i.e nonnon.co.uk is working fine
I have tried a multiple solutions that I found online, but none of them worked for me.
This is the rule that I have in .htaccess file
<IfModule mod_headers.c>
############################################
Header set X-UA-Compatible "IE=edge"
# `mod_headers` cannot match based on the content-type, however,
# the `X-UA-Compatible` response header should be send only for
# HTML documents and not for the other resources.
<FilesMatch ".(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
Header unset X-UA-Compatible
</FilesMatch>
<FilesMatch ".(ttf|ttc|otf|eot|woff|woff2|font.css|css|json|html)$">
Header always set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Headers "X-Requested-With"
Header always set Access-Control-Allow-Methods "GET"
Header always set Access-Control-Allow-Headers "X-Accept-Charset,X-Accept,Content-Type"
</FilesMatch>
</IfModule>
Also I have added CORS Origin URL in magento admin that is responsible for zaxyshoes.co.uk as nonnon.co.uk that is responsible for serving static content.
I can not think of any more solution. I am really stuck with this and this problem we are having with our production website. Could some one guide me to solve the issue.
I also have added the urls for reference and one can see the issue in the browser console tab.
I highly appreciate any guidance to solve this issue.