Announcement

**In Omnibus** · Tue 23 Jul '19, 9:43am

It sounds like your root URL is not whitelisted in the SSL certificate.

**Wayne Luke** · Tue 23 Jul '19, 10:11am

The login form is loading for me when I visit your forum. Please clear your browser cache.

**ArekInc** · Tue 23 Jul '19, 10:44am

It behaves the same at different browsers which I cleared from cache files, uninstalled and installed again.
When I go with gooner.pl only, it works like a charm. The login tab can be loaded.
But when I type gooner.pl/forum it shows as follows on Opera and Firefox:

**ArekInc** · Mon 29 Jul '19, 2:27am

Looks like CORS is blocking access? Can someone help?

jquery.js:8561 [Deprecation] Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check https://xhr.spec.whatwg.org/.
send @ jquery.js:8561
jquery.js:8630 Access to XMLHttpRequest at 'https://www.gooner.pl/forum/ajax/api/options/fetchValues' from origin 'https://gooner.pl' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
send @ jquery.js:8630
footer-rollup-553.js:382 Error when fetching options: NetworkError: Failed to execute 'send' on 'XMLHttpRequest': Failed to load 'https://www.gooner.pl/forum/ajax/api/options/fetchValues'.
error @ footer-rollup-553.js:382
jquery.js:8630 Access to XMLHttpRequest at 'https://www.gooner.pl/forum/ajax/api/options/fetchValues' from origin 'https://gooner.pl' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
send @ jquery.js:8630
footer-rollup-553.js:382 Error when fetching options: NetworkError: Failed to execute 'send' on 'XMLHttpRequest': Failed to load 'https://www.gooner.pl/forum/ajax/api/options/fetchValues'.
error @ footer-rollup-553.js:382
footer-rollup-553.js:2544 PM Dropdown not detected, skipping init.
footer-rollup-553.js:2544 PM Chat window not detected, skipping init.
(index):1 Refused to display 'https://www.gooner.pl/forum/auth/login-form' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
footer-rollup-553.js:382 vBulletin.loadingIndicator.show Counter: 1 Source: ajaxStart
jquery.js:8630 Access to XMLHttpRequest at 'https://www.gooner.pl/forum/ajax/api/options/fetchValues' from origin 'https://gooner.pl' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
send @ jquery.js:8630
footer-rollup-553.js:382 Error when fetching options: NetworkError: Failed to execute 'send' on 'XMLHttpRequest': Failed to load 'https://www.gooner.pl/forum/ajax/api/options/fetchValues'.
error @ footer-rollup-553.js:382
footer-rollup-553.js:382 vBulletin.loadingIndicator.hide Counter: 0 Source: ajaxStop
footer-rollup-553.js:382 Securitytoken updated
footer-rollup-553.js:382 vBulletin.loadingIndicator.show Counter: 1 Source: ajaxStart
jquery.js:8630 Access to XMLHttpRequest at 'https://www.gooner.pl/forum/ajax/api/options/fetchValues' from origin 'https://gooner.pl' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
send @ jquery.js:8630
footer-rollup-553.js:382 Error when fetching options: NetworkError: Failed to execute 'send' on 'XMLHttpRequest': Failed to load 'https://www.gooner.pl/forum/ajax/api/options/fetchValues'.
error @ footer-rollup-553.js:382
footer-rollup-553.js:382 vBulletin.loadingIndicator.hide Counter: 0 Source: ajaxStop
syndication.twitter.com/i/jot/syndication?l=%7B%22_category_%22%3A%22syndicated_impression%22%2C%22triggered_on%22%3A156 4395362675%2C%22dnt%22%3Afalse%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22 page%22%3A%22timeline%22%2C%22action%22%3A%22impression%22%7D%7D:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
(index):1 Refused to display 'https://www.gooner.pl/forum/auth/login-form' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

**Mark.B** · Mon 29 Jul '19, 4:42am

CORS is a third party browser add on. I have no idea why it is blocking anything, it isn’t something we can provide support for.

**Wayne Luke** · Mon 29 Jul '19, 1:56pm

Redirect https://gooner.pl to https://www.gooner.pl/. You shouldn't try to access your site via multiple URLs in this day and age. You'll trigger server and browser security protocols like CORS.

Your hosting provider can help you with redirects. They can also help you update the CORS policy for your site. There is no way to control either in vBulletin.

**ArekInc** · Tue 30 Jul '19, 10:53pm

Thanks Mark and Wayne! I will contact our host provider regarding CORS.

In the end I did resolve the issue partially (all web browsers are showing the login frame correctly, but console shows it with errors, still) by hashing this line in .htaccess file:

# Don't allow other sites to frame in your content. If you do need to frame the
# forums in on another host you will need to remove or change this line.
# Header always append X-Frame-Options sameorigin

I have tried to add those lines but then login frame didn't work at all or behaved like beofre.

Header set Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Origin https://www.gooner.pl/forum
Header add Access-Control-Allow-Origin https://www.gooner.pl

I am aware that hashing X-Frame-Options is a potential security risk and will try to fix it after contacting hosting support.

Thank you for support.

**Wayne Luke** · Wed 31 Jul '19, 8:13am

The login iframe should always use the same URL as you have for the Front-End URL in the AdminCP. The only reason it has its own setting is because of something we attempted in 5.0.0 and have since disregarded and people should use SSL for the entire site these days. The option has stayed because it doesn't usually pose a problem.

Announcement

Problem with forum URL after installing SSL certificate

Problem with forum URL after installing SSL certificate

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Related Topics