{"id":11419,"date":"2025-04-30T12:31:19","date_gmt":"2025-04-30T06:46:19","guid":{"rendered":"https:\/\/nestnepal.com\/blog\/?p=11419"},"modified":"2025-05-23T14:26:27","modified_gmt":"2025-05-23T08:41:27","slug":"enable-cors-in-cpanel-for-cross-domain-access","status":"publish","type":"post","link":"https:\/\/nestnepal.com\/blog\/enable-cors-in-cpanel-for-cross-domain-access\/","title":{"rendered":"How to Enable CORS in cPanel: A Complete Guide for Cross-Domain Access"},"content":{"rendered":"<h1><span style=\"font-weight: 400;\">Updated Guide for Developers and Site Owners (2025 Edition)<\/span><\/h1>\n<h2><span style=\"font-weight: 400;\">What is CORS and Why Does It Matter?<\/span><\/h2>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">If your website needs to fetch data from external APIs or other domains, you&#8217;ve likely run into <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Guides\/CORS\" target=\"_blank\" rel=\"noopener\">Cross-Origin Resource Sharing (CORS)<\/a> errors. CORS is a browser security feature that restricts cross-origin HTTP requests. To enable your site to communicate with different origins, like pulling data from a third-party service, you\u2019ll need to manually configure your server to allow such requests.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><img decoding=\"async\" class=\"alignnone lazyload\" data-src=\"https:\/\/mdn.github.io\/shared-assets\/images\/diagrams\/http\/cors\/fetching-page-cors.svg\" alt=\"CORS \" width=\"593\" height=\"445\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 593px; --smush-placeholder-aspect-ratio: 593\/445;\" \/><\/p>\n<p><span style=\"font-weight: 400;\">This guide will walk you step by step through enabling CORS in your cPanel-hosted website using the `.htaccess` file. 
Whether you&#8217;re working with JavaScript front-ends, APIs, or single-page applications (SPAs), this method is crucial for smooth integration.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">\u00a0Step-by-Step: How to Enable CORS in cPanel<\/span><\/h2>\n<h3><span style=\"font-weight: 400;\">\u00a0Prerequisites:<\/span><\/h3>\n<ul>\n<li><span style=\"font-weight: 400;\">Access to your website\u2019s <\/span><b>cPanel<\/b><\/li>\n<li><span style=\"font-weight: 400;\">Basic familiarity with file paths (like `public_html`)<\/span><\/li>\n<li><span style=\"font-weight: 400;\">Your target domain(s) for cross-origin requests<\/span><\/li>\n<\/ul>\n<h3><span style=\"font-weight: 400;\">Step 1: Log in to your cPanel<\/span><\/h3>\n<ol>\n<li><span style=\"font-weight: 400;\"> Visit yourdomain.com\/cpanel or yourdomain.com:2083.<\/span><\/li>\n<li><span style=\"font-weight: 400;\"> Enter your cPanel credentials provided by your hosting provider.<\/span><\/li>\n<\/ol>\n<h3><span style=\"font-weight: 400;\">\u00a0Step 2: Open File Manager<\/span><\/h3>\n<ol>\n<li><span style=\"font-weight: 400;\"> Inside the cPanel dashboard, locate the <\/span><b>File Manager<\/b><span style=\"font-weight: 400;\"> (under the &#8220;Files&#8221; section).<\/span><\/li>\n<li><span style=\"font-weight: 400;\"> Launch the File Manager to begin accessing your website\u2019s files.<\/span><\/li>\n<\/ol>\n<h3><span style=\"font-weight: 400;\">\u00a0Step 3: Navigate to Your Website Root Directory<\/span><\/h3>\n<ol>\n<li><span style=\"font-weight: 400;\"> Open the <\/span><b>public_html<\/b><span style=\"font-weight: 400;\"> folder (or the folder containing the specific site).<\/span><\/li>\n<li><span style=\"font-weight: 400;\"> This is typically the root directory where `.htaccess` resides.<\/span><\/li>\n<\/ol>\n<h3><span style=\"font-weight: 400;\">\u00a0Step 4: Reveal Hidden Files<\/span><\/h3>\n<ul>\n<li><span style=\"font-weight: 400;\">If you don\u2019t see `.htaccess`, click 
<\/span><b>Settings<\/b><span style=\"font-weight: 400;\"> in the top-right corner of File Manager.<\/span><\/li>\n<li><span style=\"font-weight: 400;\">Check &#8220;<\/span><b>Show Hidden Files (dotfiles)<\/b><span style=\"font-weight: 400;\">&#8221; and hit <\/span><b>Save<\/b><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li><span style=\"font-weight: 400;\">Still not visible? You can create a new file named `.htaccess` if it doesn\u2019t exist.<\/span><\/li>\n<\/ul>\n<h3><span style=\"font-weight: 400;\">\u00a0Step 5: Edit the .htaccess File<\/span><\/h3>\n<ol>\n<li><span style=\"font-weight: 400;\"> Right-click on `.htaccess` and select <\/span><b>Edit<\/b><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li><span style=\"font-weight: 400;\"> If prompted by a pop-up, click <\/span><b>Edit<\/b><span style=\"font-weight: 400;\"> again to proceed.<\/span><\/li>\n<\/ol>\n<h3><span style=\"font-weight: 400;\">\u00a0Step 6: Insert CORS Configuration<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Add the following lines of code into your `.htaccess` file:<\/span><\/p>\n<pre><code># Applied only when the mod_headers module is loaded\n&lt;IfModule mod_headers.c&gt;\n    # \"*\" allows any origin; use a specific origin such as https:\/\/example.com for more control\n    Header set Access-Control-Allow-Origin \"*\"\n    Header set Access-Control-Allow-Methods \"GET, POST, OPTIONS, DELETE, PUT\"\n    Header set Access-Control-Allow-Headers \"Content-Type, Authorization\"\n&lt;\/IfModule&gt;<\/code><\/pre>\n<p><b>What This Does:<\/b><\/p>\n<p><span style=\"font-weight: 400;\">`Access-Control-Allow-Origin 
\"*\"` allows all domains to access your resources. Replace `*` with a specific domain (`https:\/\/example.com`) for more control.<\/span><\/p>\n<ul>\n<li><span style=\"font-weight: 400;\">`Access-Control-Allow-Methods` specifies which HTTP methods are permitted.<\/span><\/li>\n<li><span style=\"font-weight: 400;\">`Access-Control-Allow-Headers` defines which request headers are accepted.<\/span><\/li>\n<\/ul>\n<p><b>Security Tip<\/b><span style=\"font-weight: 400;\">: Avoid using `\"*\"` for production APIs unless you&#8217;re aware of the risks. It&#8217;s safer to specify only the domains you trust.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">\u00a0Step 7: Save and Close<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Click <\/span><b>Save Changes<\/b><span style=\"font-weight: 400;\"> in the editor, then close the file.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">\u00a0Step 8: Test If CORS Is Enabled<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">You can test if CORS is working properly by:<\/span><\/p>\n<ul>\n<li><span style=\"font-weight: 400;\">Opening <\/span><b>Developer Tools<\/b><span style=\"font-weight: 400;\"> in your browser (F12)<\/span><\/li>\n<li><span style=\"font-weight: 400;\">Checking the <\/span><b>Network tab<\/b><span style=\"font-weight: 400;\"> and looking for the `Access-Control-Allow-Origin` header in your server\u2019s responses<\/span><\/li>\n<li><span style=\"font-weight: 400;\">Using online tools like <a href=\"https:\/\/www.test-cors.org\" target=\"_blank\" rel=\"noopener\">https:\/\/www.test-cors.org<\/a><\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">If the header appears correctly, your CORS configuration is now active.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">\u00a0Troubleshooting Tips<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">-&gt;<\/span><b>Still not working?<\/b><span style=\"font-weight: 400;\"> Check if your server has Apache&#8217;s `mod_headers` module enabled.<\/span><\/p>\n<p><span 
style=\"font-weight: 400;\">-&gt;U<\/span><b>sing a CMS like <a href=\"https:\/\/nestnepal.com\/wordpress-hosting-in-nepal\/\">WordPress<\/a>?<\/b><span style=\"font-weight: 400;\"> Make sure caching plugins aren\u2019t interfering.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">-&gt;<\/span><b>Conflicting settings?<\/b><span style=\"font-weight: 400;\"> Ensure no overrides exist in your app code or server-level config like `<a href=\"https:\/\/nestnepal.com\/blog\/switch-php-versions-via-multiphp-manager-cpanel\/\">MultiPHP Manager<\/a>`.<\/span><\/p>\n<h2>FAQs:<\/h2>\n<h3>1. Why does my browser block external API calls?<\/h3>\n<p>It\u2019s a default security measure. You need to allow cross-origin access on your server.<\/p>\n<h3>2. How can I allow requests from another domain?<\/h3>\n<p>By editing the .htaccess file and adding the correct headers as shown above.<\/p>\n<h3>3. Is allowing all domains safe?<\/h3>\n<p>No. It\u2019s better to allow only specific trusted domains for security.<\/p>\n<h3>4. What if it&#8217;s still not working?<\/h3>\n<p>Check for caching, server module status, or conflicting server-level rules.<\/p>\n<h3>5. Can I allow access from just one domain?<\/h3>\n<p>Yes. Replace &#8220;*&#8221; with your specific domain in the configuration.<\/p>\n<h3>6. Will this impact my SEO?<\/h3>\n<p>No. It affects functionality, not search rankings, though better UX can lead to improved SEO indirectly.<\/p>\n<h2><strong><span style=\"font-size: 16px;\">Final Thoughts<\/span><\/strong><\/h2>\n<p><span style=\"font-weight: 400;\">Enabling CORS through cPanel\u2019s &#8220;.htaccess&#8221; is a reliable method for granting your web apps secure access to resources across domains. 
From APIs to static front-end applications, this simple tweak ensures that your cross-origin requests go through without triggering security blocks.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Remember, always keep security in mind, don\u2019t leave wide-open access unless your use case truly demands it. Prefer domain-specific CORS rules when building production-grade systems.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Updated Guide for Developers and Site Owners (2025 Edition) What is CORS and Why Does It Matter? &nbsp; If your&#8230;<\/p>\n","protected":false},"author":15,"featured_media":11922,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[123,262],"tags":[117,354,373],"class_list":["post-11419","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dns","category-domain","tag-cpanel","tag-cpanel-wordpress-website","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/nestnepal.com\/blog\/wp-json\/wp\/v2\/posts\/11419","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nestnepal.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nestnepal.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nestnepal.com\/blog\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/nestnepal.com\/blog\/wp-json\/wp\/v2\/comments?post=11419"}],"version-history":[{"count":6,"href":"https:\/\/nestnepal.com\/blog\/wp-json\/wp\/v2\/posts\/11419\/revisions"}],"predecessor-version":[{"id":11434,"href":"https:\/\/nestnepal.com\/blog\/wp-json\/wp\/v2\/posts\/11419\/revisions\/11434"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nestnepal.com\/blog\/wp-json\/wp\/v2\/media\/11922"}],"wp:attachment":[{"href":"https:\/\/nestnepal.com\/blog\/wp-json\/wp\/v2\/media?parent=11419"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/
\/nestnepal.com\/blog\/wp-json\/wp\/v2\/categories?post=11419"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nestnepal.com\/blog\/wp-json\/wp\/v2\/tags?post=11419"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}