enable cors in htaccess

Question

I have created a basic RESTful service with the SLIM PHP framework and now I m trying to wire it up so that I can access the service from an Angular js project  I have read that Angular supports CORS out of the box and all I needed to do was add this line  Header set Access-Control-Allow-Origin     to my  htaccess file    I ve done this and my REST application is still working  no 500 internal server error from a bad  htaccess  but when I try to test it from test-cors org it is throwing an error   Fired XHR event  loadstart Fired XHR event  readystatechange Fired XHR event  error  XHR status  0 XHR status text   Fired XHR event  loadend   My  htaccess file looks like this  RewriteEngine On RewriteCond   REQUEST FILENAME   -f RewriteRule    index php  QSA L  Header set Access-Control-Allow-Origin     Header set Access-Control-Allow-Methods   GET POST OPTIONS DELETE PUT    Is there something else I need to add to my  htaccess to get this to work properly or is there another way to enable CORS on my server

User · Answer

This is what worked for me   Header add Access-Control-Allow-Origin     Header add Access-Control-Allow-Headers  origin  x-requested-with  content-type  Header add Access-Control-Allow-Methods  PUT  GET  POST  DELETE  OPTIONS

User · Answer

As in this answer Custom HTTP Header for a specific file you can use  lt File gt  to enable CORS for a single file with this code    lt Files  index php  gt    Header set Access-Control-Allow-Origin       Header set Access-Control-Allow-Methods   GET POST OPTIONS DELETE PUT   lt  Files gt

User · Answer

Thanks to Devin  I figured out the solution for my SLIM application with multi domain access    In htaccess    SetEnvIf Origin  http s      www     allowed domain one allowed domain two    AccessControlAllowOrigin  0 1 Header set Access-Control-Allow-Origin   AccessControlAllowOrigin e env AccessControlAllowOrigin Header set Access-Control-Allow-Credentials true   in index php     Access-Control headers are received during OPTIONS requests if    SERVER  REQUEST METHOD       OPTIONS          if  isset   SERVER  HTTP ACCESS CONTROL REQUEST METHOD             header  Access-Control-Allow-Methods  GET  POST  PUT  DELETE  OPTIONS                  if  isset   SERVER  HTTP ACCESS CONTROL REQUEST HEADERS             header  Access-Control-Allow-Headers     SERVER  HTTP ACCESS CONTROL REQUEST HEADERS            instead of mapping   app- gt options     x     function   use   app             return correct headers         app- gt response- gt setStatus 200

User · Answer

Should t the  htaccess use add instead of set   Header add Access-Control-Allow-Origin     Header add Access-Control-Allow-Methods   GET POST OPTIONS DELETE PUT

User · Answer

It s look like you are using an old version of slim 2 x   You can just add following lines to  htaccess and don t need to do anything in PHP scripts     Enable cross domain access control SetEnvIf Origin   http s             domain one  com domain two  net    REQUEST ORIGIN  0 Header always set Access-Control-Allow-Origin   REQUEST ORIGIN e env REQUEST ORIGIN Header always set Access-Control-Allow-Methods  GET  POST  PUT  DELETE  Header always set Access-Control-Allow-Headers  Authorization    Force to request 200 for options RewriteEngine On RewriteCond   REQUEST METHOD  OPTIONS RewriteRule       R 200 L

User · Answer

Since I had everything being forwarded to index php anyway I thought I would try setting the headers in PHP instead of the  htaccess file and it worked  YAY  Here s what I added to index php for anyone else having this problem      Allow from any origin if  isset   SERVER  HTTP ORIGIN              should do a check here to match   SERVER  HTTP ORIGIN   to a        whitelist of safe domains     header  Access-Control-Allow-Origin     SERVER  HTTP ORIGIN           header  Access-Control-Allow-Credentials  true        header  Access-Control-Max-Age  86400          cache for 1 day      Access-Control headers are received during OPTIONS requests if    SERVER  REQUEST METHOD       OPTIONS          if  isset   SERVER  HTTP ACCESS CONTROL REQUEST METHOD             header  Access-Control-Allow-Methods  GET  POST  PUT  DELETE  OPTIONS                  if  isset   SERVER  HTTP ACCESS CONTROL REQUEST HEADERS             header  Access-Control-Allow-Headers     SERVER  HTTP ACCESS CONTROL REQUEST HEADERS            credit goes to slashingweapon for his answer on this question  Because I m using Slim I added this route so that OPTIONS requests get a HTTP 200 response     return HTTP 200 for HTTP OPTIONS requests  app- gt map    x    function  x        http response code 200     - gt via  OPTIONS

User · Answer

I tried  abimelex solution  but in Slim 3 0  mapping the OPTIONS requests goes like    app   new  Slim App     app- gt options   books  id    function   request   response   args           Return response headers       https   www slimframework com docs objects router html options-route

User · Answer

Will be work 100   Apply in  htaccess      Enable cross domain access control SetEnvIf Origin   http s             1xyz  com 2xyz  com    REQUEST ORIGIN  0 Header always set Access-Control-Allow-Origin   REQUEST ORIGIN e env REQUEST ORIGIN Header always set Access-Control-Allow-Methods  GET  POST  PUT  DELETE  OPTIONS  Header always set Access-Control-Allow-Headers  x-test-header  Origin  X-Requested-With  Content-Type  Accept     Force to request 200 for options RewriteEngine On RewriteCond   REQUEST METHOD  OPTIONS RewriteRule       R 200 L

[php] enable cors in .htaccess

Examples related to php

Examples related to apache

Examples related to .htaccess

Examples related to cors

Examples related to slim