I have built an app which enables the manager of many WP sites to make RestAPI GET, POST, PUT & DELETE requests which work perfectly when using them from this Apps, when the WP site are hosted on the same domain / subdomains.
I have added the below lines in the .htaccess of the ‘remote WP’ not hosted on the same domain, in order, I thought, to enable access to the site remotely:
CORS Headers
<ifModule mod_headers.c>
Header always set Access-Control-Allow-Origin: "http://admin.soulabail.fr"
Header always set Access-Control-Allow-Methods "GET, POST, PUT, DELETE"
Header always set Access-Control-Allow-Headers "X-Requested-With, content-type"
</ifModule>
BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /wordpress/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /wordpress/index.php [L]
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
</IfModule>
I am using Enrique Chavez’s JWT -Authentication plugin, and it works great, and would not be in question, and added the CORS Section to the beginning of the htaccess file, to no avail….
Am I missing something ? Am I mistaken on the role and capabilities of CORS authorizations (…) w/ regards to accessing a remote DB (my primary request to the WP site is in fact a request to the remote DB not hosted on the same domain as the app , and fails with the below message:
SQLSTATE[HY000] [2002] php_network_getaddresses: getaddrinfo failed: Name or service not known
Which indicates a failure to access the remote database…Is this in any way related to any possible CORS bypass / is the htaccess config to “blame” ?
Many thanks for your help