CORS Policy
How to resolve CORS policy error on your WordPress website.
CORS means Cross Origin Resource Sharing.
When assets of a website (css/js/fonts/images) are being restricted to load for only a single domain (for instance -> example.com), and when the mapped domain is trying to load those assets, the browser may throw a CORS error message similar to this upon taking some site actions:
Access to XMLHttpRequest at 'https://your-mapped-domain.com/wp-admin/admin-ajax.php' from origin 'https://your-domain.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
This restriction is added from the server configuration (often NGINX), or in some cases even from the .htaccess file ( In the case of Apache), and so the browser is not allowed to load blocked resources on mapped domains.
Unfortunately, WordPress and plugins/themes have nothing to do with CORS policy.
The way to solve it this issue is to allow access for the mapped domain to the blocked assets, and that kind of access is set up in the server configuration.
You can attempt to add the proper CORS policy to your vhost, which can be accomplished via server admin settings (contact your hosting company if you don't have root access) and/or by adding a script to your .vhost file (please contact support for the script, which will also require root access to be implemented).
We've had reports that the Tiger Protect app in cPanel causes CORS issues when being used simultaneously with Domain Mapping System. To prevent issues, you can disable Tiger Protect and instead use some kind of WordPress plugin like WordFence.