CORS Access

by

Me : how to configure a Plesk server to allow CORS access by specifying the headers ” Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Allow-Headers: Content-Type ” ?

ChatGPT-4o : To configure a Plesk server to allow CORS (Cross-Origin Resource Sharing) by specifying headers like:

Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Content-Type

you need to modify the web server configuration. Depending on whether you’re using Apache or Nginx, here are the steps:

✅ For Apache (common in Plesk)

Option 1: Modify .htaccess (for individual sites)

  1. Connect via FTP or File Manager in Plesk.
  2. Edit or create a .htaccess file in the root of your domain (e.g., /httpdocs).
  3. Add:
<IfModule mod_headers.c>
    Header always set Access-Control-Allow-Origin "*"
    Header always set Access-Control-Allow-Methods "GET, POST, OPTIONS"
    Header always set Access-Control-Allow-Headers "Content-Type"
</IfModule>

⚠️ Make sure the mod_headers module is enabled on Apache.

Option 2: Use Apache directives in Plesk

  1. Go to Plesk > Domains > [Your Domain] > Apache & nginx Settings.
  2. Under Additional Apache directives, add:
<Directory />
    Header always set Access-Control-Allow-Origin "*"
    Header always set Access-Control-Allow-Methods "GET, POST, OPTIONS"
    Header always set Access-Control-Allow-Headers "Content-Type"
</Directory>
  1. Click OK or Apply Changes.

✅ For Nginx (if used as a proxy or standalone)

  1. Go to Plesk > Domains > [Your Domain] > Apache & nginx Settings.
  2. In the Additional Nginx directives section, add:
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Content-Type' always;
  1. Click OK or Apply Changes.

🔁 Restart the Web Server (if needed)

If changes don’t take effect immediately, go to:

  • Tools & Settings > Services Management
  • Restart Apache or Nginx as needed.

✅ Test CORS Headers

Use tools like:

curl -I -X OPTIONS https://admin.ki-leierbud.lu/

You should see your CORS headers in the response.

I enabled CORS access by changing the .htaccess file.