URGENT - TEMPLATE PROBLEM WITH HTTPS URL

I was coding a new site and everything was fine until i moved it live. At the live site there is an ssl certificate and the site urls are https.

Now I am getting the following errors and the orders are not fullfiled. Font awesome are not also loaded at all

Code: Select all

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.valleygreentea.com.au/templates/gk_storefront/fonts/storefront-pixellove/storefront-pixellove.woff. (Reason: CORS header 'Access-Control-Allow-Origin' missing).
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.valleygreentea.com.au/templates/gk_storefront/fonts/font-awesome/fontawesome-webfont.woff2?v=4.4.0. (Reason: CORS header 'Access-Control-Allow-Origin' missing).
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.valleygreentea.com.au/templates/gk_storefront/fonts/storefront-pixellove/storefront-pixellove.ttf. (Reason: CORS header 'Access-Control-Allow-Origin' missing).
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.valleygreentea.com.au/templates/gk_storefront/fonts/font-awesome/fontawesome-webfont.woff?v=4.4.0. (Reason: CORS header 'Access-Control-Allow-Origin' missing).
GET https://www.valleygreentea.com.au/index.php?tmpl=json&lang=en&_=1469711143884
   
301 Moved Permanently
      971ms   
jquery.min.js (line 4)
ParamsHeadersHTMLCookies
_   
1469711143884
lang   
en
tmpl   
json
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.valleygreentea.com.au/templates/gk_storefront/fonts/font-awesome/fontawesome-webfont.ttf?v=4.4.0. (Reason: CORS header 'Access-Control-Allow-Origin' missing).
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.valleygreentea.com.au/index.php?tmpl=json&lang=en&_=1469711143884. (Reason: CORS header 'Access-Control-Allow-Origin' missing).


Here is the url
https://valleygreentea.com.au/

I would appreciate your help. This a live site and I cannot work at the staging site since there is no https there

Thanks

In case someone encounters the same issue you need to add the following at the htaccess file

# ----------------------------------------------------------------------
# CORS-enabled images (@crossorigin)
# ----------------------------------------------------------------------
# Send CORS headers if browsers request them; enabled by default for images.
# developer.mozilla.org/en/CORS_Enabled_Image
# blog.chromium.org/2011/07/using-cross-domain-images-in-webgl-and.html
# hacks.mozilla.org/2011/11/using-cors-to-load-webgl-textures-from-cross-domain-images/
# wiki.mozilla.org/Security/Reviews/crossoriginAttribute
<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
# mod_headers, y u no match by Content-Type?!
<FilesMatch "\.(gif|png|jpe?g|svg|svgz|ico|webp)$">
SetEnvIf Origin ":" IS_CORS
Header set Access-Control-Allow-Origin "*" env=IS_CORS
</FilesMatch>
</IfModule>
</IfModule>
# ----------------------------------------------------------------------
# Webfont access
# ----------------------------------------------------------------------
# Allow access from all domains for webfonts.
# Alternatively you could only whitelist your
# subdomains like "subdomain.example.com".
<IfModule mod_headers.c>
<FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|font.css|css|js)$">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
</IfModule>

Hi

Thank You for shearing this with us. It's one of the solutions, another could be to change the urls in /fonts folder files directly to https:// or ://