How to allow Cross domain request in apache2

Question

This is my configuration file     lt VirtualHost   80 gt      ServerAdmin webmaster localhost     ServerName localhost 80     DocumentRoot  var www XXX      lt Directory   gt          Options None         AllowOverride None         Order deny allow         Deny from all      lt  Directory gt       lt Directory  var www qvbn-app-web-ctrl gt          Options FollowSymLinks         AllowOverride AuthConfig FileInfo         Order allow deny         Allow from all         Header set Access-Control-Allow-Origin          lt  Directory gt      ErrorLog   APACHE LOG DIR  error log     LogLevel warn     CustomLog   APACHE LOG DIR  access log combined  lt  VirtualHost gt    When i am trying to reload apache2 iT is giving error as       Invalid command  Header   perhaps misspelled or defined by a module not included in the server configuration     Action  configtest  failed    I don t know how to enable CORS  I followed this  http   enable-cors org server apache html

User · Answer

Ubuntu Apache2 solution that worked for me .htaccess edit did not work for me I had to modify the conf file.

nano /etc/apache2/sites-available/mydomain.xyz.conf

my config that worked to allow CORS Support

<IfModule mod_ssl.c>
    <VirtualHost *:443>

        ServerName mydomain.xyz
        ServerAlias www.mydomain.xyz

        ServerAdmin [email protected]
        DocumentRoot /var/www/mydomain.xyz/public

        ### following three lines are for CORS support
        Header add Access-Control-Allow-Origin "*"
        Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
        Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLCertificateFile /etc/letsencrypt/live/mydomain.xyz/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.xyz/privkey.pem

    </VirtualHost>
</IfModule>

then type the following command

a2enmod headers

make sure cache is clear before trying

User · Answer

First enable mod headers on your server  then you can use header directive in both Apache conf and  htaccess   enable mod headers   a2enmod headers   configure header in  htaccess file   Header add Access-Control-Allow-Origin  quot   quot  Header add Access-Control-Allow-Headers  quot origin  x-requested-with  content-type quot  Header add Access-Control-Allow-Methods  quot PUT  GET  POST  DELETE  OPTIONS quot

User · Answer

You can also put below code to the httaccess file as well to allow CORS using htaccess file                               Handling Options for the CORS     RewriteCond   REQUEST METHOD  OPTIONS     RewriteRule         1  L R 204                            Add custom headers    Header set X-Content-Type-Options  nosniff     Header set X-XSS-Protection  1  mode block       Always set these headers for CORS      Header always set Access-Control-Max-Age 1728000    Header always set Access-Control-Allow-Origin         Header always set Access-Control-Allow-Methods   GET POST OPTIONS DELETE PUT     Header always set Access-Control-Allow-Headers   DNT X-CustomHeader Keep-Alive User-Agent X-Requested-With If-Modified-Since Cache-Control C     Header always set Access-Control-Allow-Credentials true   For information purpose  You can also have a look at this article http   www ipragmatech com enable-cors-using-htaccess  which allow CORS header

User · Answer

Enable mod headers in Apache2 to be able to use Header directive    a2enmod headers

User · Answer

OS GNU Linux Debian Httpd Apache 2 4 10  Change in  etc apache2 apache2 conf  lt Directory  var www html gt       Order Allow Deny      Allow from all      AllowOverride all      Header set Access-Control-Allow-Origin  quot   quot   lt  Directory gt   Add activate module  a2enmod headers   Restart service  etc init d apache2 restart

User · Answer

In httpd conf   Make sure these are loaded    LoadModule headers module modules mod headers so  LoadModule rewrite module modules mod rewrite so    In the target directory     lt Directory     usr local PATH    gt      AllowOverride None     Require all granted      Header always set Access-Control-Allow-Origin         Header always set Access-Control-Allow-Methods  POST  GET  OPTIONS  DELETE  PUT      Header always set Access-Control-Allow-Headers  x-requested-with  Content-Type  origin  authorization  accept  client-security-token      Header always set Access-Control-Expose-Headers  Content-Security-Policy  Location      Header always set Access-Control-Max-Age  600       RewriteEngine On     RewriteCond   REQUEST METHOD  OPTIONS     RewriteRule         1  R 200 L    lt  Directory gt   If running outside container  you may need to restart apache service

User · Answer

put the following in the site s  htaccess file  in the  var www XXX    Header set Access-Control-Allow-Origin       instead of the  conf file     You ll also want to use   AllowOverride All   in your  conf file for the domain so Apache looks at it

User · Answer

I had a lot of trouble getting this to work   Dummy me  don t forget that old page - even for sub-requests - gets cached in your browser   Maybe obvious  but clear your browsers cache   After that  one can also use Header set Cache-Control  no-store   This was helpful to me while testing

[apache] How to allow Cross domain request in apache2

then type the following command

make sure cache is clear before trying

Examples related to apache

Examples related to cors