Kirby ajax call from subdomain -> cross domain error

Hi all,

i have some routes in my kirby project which have to be accessible via api from a subdomain.

I put this into my config.php at the beginning:


I am always getting: has been blocked by CORS policy
With postman from my local machine it works…

I am using nuxt 2 with axios to make the call.

any ideas?

Maybe you have a typo and remove the trailing slash.


i tried everything, with / without slash.
Api route and normal route.

this.$'', {'token' : 'test12'})
      .then(resp => { //normal route

Always runs into “has been blocked by CORS policy”. With nuxt proxy ist works locally but not the server build.

config.php first line:
header('Access-Control-Allow-Origin: http://localhost:3000');

Is there any middleware to bypass or anything else?


If you use the API, you need to authenticate. Although that is another problem. Have you tried setting the access control header to * for testing?

yes i know, in postman i am getting the “Unauthenticated” message calling: /api/tester. Which i like cause i know this reaches the endpoint. With nuxt always cors…

Well, Postman doesn’t send a javascript request, hence no CORS issues.

yes, it does not.

Do i need “Access-Control-Allow-Origin” in config.php /htaccess or index.php?

Really a bug? It must be a config problem…

I have got the solution…

in your htaccess at the beginning:

Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Allow-Headers "Content-Type"

and really important:

RewriteEngine on

RewriteRule ^(.*)$ $1 [R=200,L]

hope this will help others.