Cross-Origin Resource Sharing (CORS)is a security feature implemented by web browsers to restrict web pages from making requests to a different domain than the one that served the web page. Because of this, you might get Cross-Origin Request Blocked: The Same Origin
in your browser console and the chat widget will not load.
Policy disallows reading the remote resource at YOUR-WEBSITE.COM.
(Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status
code: 200.
To resolve this issue, you have a few options:
- Update Server Configuration: If you have control over your hosting server, you should configure it to include the appropriate CORS headers in its responses. You can set the ‘Access-Control-Allow-Origin’ header to the domain from which the requests are originating. There are 2 ways to do it:
- Apache (via .htaccess or server configuration) – Add the following to your .htaccess file or directly in your server configuration:
Header set Access-Control-Allow-Origin "*"
- Nginx (in the server block) – Add the following to your Nginx configuration:
location / {
add_header 'Access-Control-Allow-Origin' '*';
}
- Apache (via .htaccess or server configuration) – Add the following to your .htaccess file or directly in your server configuration:
- Proxy Server: If you don’t have control over the server, you can set up a proxy server on your domain that makes requests to the server on behalf of your web page. This way, the same-origin policy is not violated because the requests are made from the same domain.