If I remove the davejohnson.co.uk and put in a wild card '*' 

<IfModule mod_headers.c>

    Header set Access-Control-Allow-Origin '*'

    Header set Access-Control-Allow-Methods "GET, HEAD"

    Header set Access-Control-Allow-Headers "Content-Type, Authorization"

</IfModule>
then it works using

https://davejohnson.co.uk/test/AdvanceGuardianHeroesUSA.gba with no errors, but I am aware that is dangerous as far as security is concerned.

I will keep playing around, there must be a way to do this

I found a CORS test.
https://cors-test.codehappy.dev/?url=https%3A%2F%2Fwww.davejohnson.co.uk&origin=https%3A%2F%2Fwww.quizland.co.uk%2F&method=get

When I did the test I see ? character I wonder if the " wasn't encoded properly maybe try changing them to ' in the config?

Quote from: Neša on Oct 04, 2025, 03:01 AMIt's interesting that the game works with the IP alone.
In shared hosting they use a virtual site, they have one IP and configurations with different URLs that will route to different sites.
This works because you send a reference to the web server of the URL you are trying to get to.

The email delay is happening on some SMF 2.1.6 forums, they say it should be fixed in 2.1.7

Have you tried to make it https://www.davejohnson.co.uk/test/? not sure if it will fix it /test is just a directory.

Thanks again for the reply. Yes I tried the '/test' option but that made no difference the game still worked with the IP address but not with the web address. I'll keep at 

It's interesting that the game works with the IP alone.
In shared hosting they use a virtual site, they have one IP and configurations with different URLs that will route to different sites.
This works because you send a reference to the web server of the URL you are trying to get to.

The email delay is happening on some SMF 2.1.6 forums, they say it should be fixed in 2.1.7

Have you tried to make it https://www.davejohnson.co.uk/test/? not sure if it will fix it /test is just a directory.

Another update.

As in the previous post the games works using the sites IP address. I found I didn't need the
IP:443 as the game works without it, but now when I test play the game I get an SMF error as per the image attached, the game plays fine and loads as it should, again if I substitute the IP address for the normal website the game doesn't play.

I will keep testing stuff over the next few hours and if I find anything I'll let you know.

Please don't spend to much time on this, now I'm retired it's something I do to pass the time, but I'm sure you have better things to do. If something sticks out then please let me know other than that please feel free to ignore it 


NOTE: I have now removed the link address from the 'Optional External Link' so the file will play from the internal Quizland folder

I've update the previous post Nesa, you replied before I'd finished 

NOTE: I didn't get the email notification for your first reply until after I had read the post this morning, not sure why it's being delayed, but the same thing has happened before on this site

You're welcome

Thanks very much Nesa.

Those options didn't work for me. I tested the CORS by opening F12 and the settings show as per the attached image.

However I have got it to work, instead of
https://www.davejohnson.co.uk I used
https://IP address:443 and for me the game now works. To test that it is coming from the remote site I changed the file name in the Quizland Rom storage folder and it's still works fine.

Without your help I would never have gone down that route so thanks again Nesa 

I had a hunch it might be CORS and it is.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS/Errors/CORSMissingAllowOrigin?utm_source=devtools&utm_medium=firefox-cors-errors&utm_campaign=default

You could try adding the required section in .htaccess https://nestnepal.com/blog/enable-cors-in-cpanel-for-cross-domain-access/

You would change
Header set Access-Control-Allow-Origin "*" to be
Header set Access-Control-Allow-Origin "https://www.davejohnson.co.uk"from his example.

It should look something like this.
<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "https://www.davejohnson.co.uk"
    Header set Access-Control-Allow-Methods "HEAD, GET"
    Header set Access-Control-Allow-Headers "Content-Type, Authorization"
</IfModule>
I've turned off the CORS check for your site using a plug in and the game loads for me.

So, my question is... are you use object storage buckets for both links?