About the Questions category

Have a question about Kinsta’s static site hosting? Look no further! In this subcategory, you can ask your queries, seek guidance, and get help from our knowledgeable community members. Whether you’re curious about choosing the right style of static site, troubleshooting server issues, or optimizing performance, our community is here to assist you.

I did some test with GTmetrix.
There is a lot of time “waiting” related to the TTFB and favicon.ico .
Can somebody confirm this at another static site?
Thanks a lot and kind regards

I use an external script and get the error “Cross-Origin Request Blocked” (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). As far as I know, that can only be configured serverside.
Is there a solution for this?
Thanks a lot and kind regards

The “Cross-Origin Request Blocked” error with the CORS header ‘Access-Control-Allow-Origin’ missing is indeed a server-side configuration issue. CORS (Cross-Origin Resource Sharing) is a security feature implemented by web browsers to restrict web pages from making requests to a different domain than the one that served the web page.

Here are a few potential solutions:

  1. Server-Side Configuration:
  • If you have control over the server, you need to configure it to include the appropriate CORS headers in its responses.
  • Add the following headers to your server’s response:

makefileCopy code

Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Content-Type

Replace ‘*’ with the specific domain or comma-separated list of domains allowed to make requests.
2. Proxy Server:

  • Set up a proxy server on your own domain that makes the request to the external server on behalf of your client. Your client then makes requests to your proxy server, and the proxy forwards those requests to the external server.
  • The proxy server, being on the same domain as your client, won’t be subject to CORS restrictions.
  1. JSONP (JSON with Padding):
  • If the external server supports JSONP, you can use it as an alternative to XMLHttpRequest. JSONP is a technique for overcoming the same-origin policy limitations.
  • Note that JSONP has security considerations and may not be supported by all APIs.
  1. Use a Server-Side Script:
  • Create a server-side script on your own server that acts as a middleman. Your client sends a request to your server, which, in turn, makes the request to the external server.
  • The client then receives the data from your server, avoiding CORS issues.

Remember that allowing all origins (‘*’) in the Access-Control-Allow-Origin header can be a security risk, and it’s better to specify only the domains that need access. If you don’t have control over the external server, you might need to contact the server administrator or explore alternative methods allowed by the external service.