This is my configuration file.
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName localhost:80
DocumentRoot /var/www/XXX
<Directory />
Options None
AllowOverride None
Order deny,allow
Deny from all
</Directory>
<Directory /var/www/qvbn-app-web-ctrl>
Options FollowSymLinks
AllowOverride AuthConfig FileInfo
Order allow,deny
Allow from all
Header set Access-Control-Allow-Origin "*"
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
When I am trying to reload apache2 it is giving this error:
Invalid command 'Header', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.
I don't know how to enable CORS. I followed this: http://enable-cors.org/server_apache.html
Put the following in the site's .htaccess file (in the /var/www/XXX):
Header set Access-Control-Allow-Origin "*"
instead of the .conf file.
You'll also want to use
AllowOverride All
in your .conf file for the domain so Apache looks at it.
Enable mod_headers in Apache2 to be able to use the Header directive:
a2enmod headers
In httpd.conf
LoadModule headers_module modules/mod_headers.so
LoadModule rewrite_module modules/mod_rewrite.so
<Directory "**/usr/local/PATH**">
AllowOverride None
Require all granted
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
Header always set Access-Control-Expose-Headers "Content-Security-Policy, Location"
Header always set Access-Control-Max-Age "600"
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
</Directory>
If running outside container, you may need to restart apache service.
Ubuntu Apache2 solution that worked for me. The .htaccess edit did not work for me; I had to modify the conf file.
nano /etc/apache2/sites-available/mydomain.xyz.conf
My config that worked to allow CORS support:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName mydomain.xyz
ServerAlias www.mydomain.xyz
ServerAdmin [email protected]
DocumentRoot /var/www/mydomain.xyz/public
### following three lines are for CORS support
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/mydomain.xyz/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.xyz/privkey.pem
</VirtualHost>
</IfModule>
a2enmod headers
I had a lot of trouble getting this to work. Dummy me, don't forget that the old page - even for sub-requests - gets cached in your browser. Maybe obvious, but clear your browser's cache. After that, one can also use Header set Cache-Control "no-store".
This was helpful to me while testing.
You can also put the code below in the .htaccess file to allow CORS:
######################## Handling Options for the CORS
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [L,R=204]
##################### Add custom headers
Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
# Always set these headers for CORS.
Header always set Access-Control-Max-Age 1728000
Header always set Access-Control-Allow-Origin: "*"
Header always set Access-Control-Allow-Methods: "GET,POST,OPTIONS,DELETE,PUT"
Header always set Access-Control-Allow-Headers: "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,C$
Header always set Access-Control-Allow-Credentials true
For information purposes, you can also have a look at this article, http://www.ipragmatech.com/enable-cors-using-htaccess/, which allows the CORS header.
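An added example, not part of any answer on this page: browsers reject credentialed cross-origin requests when Access-Control-Allow-Origin is "*", so a site that also sends Access-Control-Allow-Credentials has to return one specific origin. The configuration below does that from an allowlist. The origins under example.com, the variable name CORS_ORIGIN and the directory path are assumptions, and mod_headers, mod_setenvif and mod_rewrite must be enabled.

```apache
# Added example; the origins, variable name and path are placeholders (assumptions).
<Directory /var/www/example>
    # Weak form seen in the answers: any site may read responses, and browsers
    # refuse the wildcard anyway once credentials are involved.
    #   Header always set Access-Control-Allow-Origin "*"
    #   Header always set Access-Control-Allow-Credentials true

    # Set CORS_ORIGIN only when the request's Origin header matches the
    # allowlist exactly; $0 is the whole matched string.
    SetEnvIf Origin "^https://(app|admin)\.example\.com$" CORS_ORIGIN=$0

    # Return the matched origin; requests from other origins get no CORS headers.
    Header always set Access-Control-Allow-Origin "%{CORS_ORIGIN}e" env=CORS_ORIGIN
    Header always set Access-Control-Allow-Credentials "true" env=CORS_ORIGIN
    Header always set Access-Control-Allow-Methods "GET, POST, OPTIONS" env=CORS_ORIGIN
    Header always set Access-Control-Allow-Headers "Content-Type, Authorization" env=CORS_ORIGIN

    # The response now varies with Origin, so shared caches must key on it.
    Header always merge Vary "Origin"

    # Answer preflight requests directly, as the answers on this page do.
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} OPTIONS
    RewriteRule ^(.*)$ $1 [R=204,L]
</Directory>
```

The Header lines are deliberately not wrapped in an IfModule block, so a missing mod_headers still fails configtest loudly instead of silently dropping the headers.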
OS=GNU/Linux Debian
Httpd=Apache/2.4.10
Change in /etc/apache2/apache2.conf
<Directory /var/www/html>
Order Allow,Deny
Allow from all
AllowOverride all
Header set Access-Control-Allow-Origin "*"
</Directory>
Add/activate module
a2enmod headers
Restart service
/etc/init.d/apache2 restart
First enable mod_headers on your server, then you can use header directive in both Apache conf and .htaccess.
mod_headers:
a2enmod headers
.htaccess file:
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
Source: Stackoverflow.com