How to Enable CORS in cPanel: A Complete Guide for Cross-Domain Access

Updated Guide for Developers and Site Owners (2025 Edition)

What is CORS and Why Does It Matter?

 

If your website needs to fetch data from external APIs or other domains, you’ve likely run into Cross-Origin Resource Sharing (CORS) errors. CORS is a browser security feature that restricts cross-origin HTTP requests. To enable your site to communicate with different origins, like pulling data from a third-party service, you’ll need to manually configure your server to allow such requests.

 

CORS

This guide will walk you step by step through enabling CORS in your cPanel-hosted website using the `.htaccess` file. Whether you’re working with JavaScript front-ends, APIs, or single-page applications (SPAs), this method is crucial for smooth integration.

 Step-by-Step: How to Enable CORS in cPanel

 Prerequisites:

  • Access to your website’s cPanel
  • Basic familiarity with file paths (like `public_html`)
  • Your target domain(s) for cross-origin requests

Step 1: Log in to your cPanel

  1. Visit yourdomain.com/cpanel or yourdomain.com:2083.
  2. Enter your cPanel credentials provided by your hosting provider.

 Step 2: Open File Manager

  1. Inside the cPanel dashboard, locate the File Manager (under the “Files” section).
  2. Launch the File Manager to begin accessing your website’s files.

 Step 3: Navigate to Your Website Root Directory

  1. Open the public_html folder (or the folder containing the specific site).
  2. This is typically the root directory where `.htaccess` resides.

 Step 4: Reveal Hidden Files

  • If you don’t see `.htaccess`, click Settings in the top-right corner of File Manager.
  • Check “Show Hidden Files (dotfiles)” and hit Save.
  • Still not visible? You can create a new file named `.htaccess` if it doesn’t exist.

 Step 5: Edit the .htaccess File

  1. Right-click on `.htaccess` and select Edit.
  2. If prompted by a pop-up, click Edit again to proceed.

 Step 6: Insert CORS Configuration

Add the following lines of code into your `.htaccess` file:

“`apache

<IfModule mod_headers.c>

    Header set Access-Control-Allow-Origin “*”

    Header set Access-Control-Allow-Methods “GET, POST, OPTIONS, DELETE, PUT”

    Header set Access-Control-Allow-Headers “Content-Type, Authorization”

</IfModule>

“`

What This Does:

Access-Control-Allow-Origin “*” ` allows all domains to access your resources. Replace `*` with a specific domain (`https://example.com`) for more control.

  • `Access-Control-Allow-Methods` specifies which HTTP methods are permitted.
  • `Access-Control-Allow-Headers` defines which request headers are accepted.

Security Tip: Avoid using `”*”` for production APIs unless you’re aware of the risks. It’s safer to specify only the domains you trust.

 Step 7: Save and Close

Click Save Changes in the editor, then close the file.

 Step 8: Test If CORS Is Enabled

You can test if CORS is working properly by:

  • Opening Developer Tools in your browser (F12)
  • Checking the Network tab and looking for the `Access-Control-Allow-Origin` header in your server’s responses
  • Using online tools like [https://www.test-cors.org](https://www.test-cors.org)

If the header appears correctly, your CORS configuration is now active.

 Troubleshooting Tips

->Still not working? Check if your server has Apache’s `mod_headers` module enabled.

->Using a CMS like WordPress? Make sure caching plugins aren’t interfering.

->Conflicting settings? Ensure no overrides exist in your app code or server-level config like `MultiPHP Manager`.

FAQs:

1. Why does my browser block external API calls?

It’s a default security measure. You need to allow cross-origin access on your server.

2. How can I allow requests from another domain?

By editing the .htaccess file and adding the correct headers as shown above.

3. Is allowing all domains safe?

No. It’s better to allow only specific trusted domains for security.

4. What if it’s still not working?

Check for caching, server module status, or conflicting server-level rules.

5. Can I allow access from just one domain?

Yes. Replace “*” with your specific domain in the configuration.

6. Will this impact my SEO?

No. It affects functionality, not search rankings, though better UX can lead to improved SEO indirectly.

Final Thoughts

Enabling CORS through cPanel’s “.htaccess” is a reliable method for granting your web apps secure access to resources across domains. From APIs to static front-end applications, this simple tweak ensures that your cross-origin requests go through without triggering security blocks.

Remember, always keep security in mind, don’t leave wide-open access unless your use case truly demands it. Prefer domain-specific CORS rules when building production-grade systems.

Share this article
Shareable URL
Prev Post

Beginner’s Guide: Installing WordPress on Your Website Using cPanel

Next Post

How to Force HTTPS Using .htaccess in cPanel (Step-by-Step Guide)

Leave a Reply

Your email address will not be published. Required fields are marked *

Read next