How to allow Cross domain request in apache2

htaccess access-control-allow-origin multiple domains
header set access-control-allow-origin apache httpd conf
access-control-allow-origin apache virtual host
apache options access control allow origin
apache set access-control-allow-origin
no 'access-control-allow-origin' header is present on the requested resource.
apache access-control-allow-headers
apache cors not working

This is my configuration file.

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName localhost:80
    DocumentRoot /var/www/XXX
    <Directory />
        Options None
        AllowOverride None
        Order deny,allow
        Deny from all
    </Directory>
    <Directory /var/www/qvbn-app-web-ctrl>
        Options FollowSymLinks
        AllowOverride AuthConfig FileInfo
        Order allow,deny
        Allow from all
        Header set Access-Control-Allow-Origin "*"
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

When i am trying to reload apache2 iT is giving error as :

   Invalid command 'Header', perhaps misspelled or defined by a module not included in the server configuration
    Action 'configtest' failed.

I don't know how to enable CORS. I followed this: http://enable-cors.org/server_apache.html

OS=GNU/Linux Debian
Httpd=Apache/2.4.10

Change in /etc/apache2/apache2.conf

<Directory /var/www/html>
     Order Allow,Deny
     Allow from all
     AllowOverride all
     Header set Access-Control-Allow-Origin "*"
</Directory>

Add/activate module

 a2enmod headers 

Restart service

/etc/init.t/apache2 restart

CORS on Apache, To add the CORS authorization to the header using Apache, simply add the following line inside either the <Directory> , <Location> , <Files> or <VirtualHost> � Simple hul!? Now, you may simply save the file and quit. Then, in fact, for Header to work in apache, we need to run the following command. command to enable Header for apache sudo a2enmod headers. Now, we are left with only one command to make it work. We simple need to restart the apache! restart your Apache2 server sudo service apache2

First enable mod_headers on your server, then you can use header directive in both Apache conf and .htaccess.

1) enable mod headers

a2enmod headers

2) configure header in .htaccess file

Header add Access-Control-Allow-Origin "*"

 Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"

 Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"

How to enable cross-origin resource sharing on an apache server?, For security reasons, browsers restrict cross-origin HTTP requests initiated from within scripts. For example, in the error message shown above,� Set Access-Control-Allow-Origin (CORS) authorization to the header in Apache web server. Add the following line inside either the <Directory>, <Location>, <Files> sections under <VirtualHost> in Apache configuration files. You can also place this inside the.htaccess file. Header set Access-Control-Allow-Origin "*"

In httpd.conf

  1. Make sure these are loaded:
LoadModule headers_module modules/mod_headers.so

LoadModule rewrite_module modules/mod_rewrite.so
  1. In the target directory:
<Directory "**/usr/local/PATH**">
    AllowOverride None
    Require all granted

    Header always set Access-Control-Allow-Origin "*"
    Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
    Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
    Header always set Access-Control-Expose-Headers "Content-Security-Policy, Location"
    Header always set Access-Control-Max-Age "600"

    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} OPTIONS
    RewriteRule ^(.*)$ $1 [R=200,L]

</Directory>

If running outside container, you may need to restart apache service.

Set Access-Control-Allow-Origin (CORS) headers in Apache vhost , To improve web applications, developers asked browser vendors to allow XMLHttpRequest to make cross-domain requests. CORS gives web servers cross-domain access controls, which enable secure cross-domain data transfers. So, in order to use it, you need to set the correct headers. I have a really interesting scenario. I've added CORS support to my server (Apache 2.2.16 with 2 Tomcats behind mod_jk (active/passive)). A client wants to do a cross-domain XHR, but the preflight OPTIONS request should *not* be forwarded to the Tomcats, because the backend can't handle it. I tried using mod_rewrite like you also described.

put the following in the site's .htaccess file (in the /var/www/XXX):

Header set Access-Control-Allow-Origin "*"

instead of the .conf file.

You'll also want to use

AllowOverride All

in your .conf file for the domain so Apache looks at it.

How to Enable CORS in Apache and Nginx?, Restrict or allow resource sharing between sites using CORS header. By default, the browser restricts cross-origin HTTP requests through� CORS on Apache. To add the CORS authorization to the header using Apache, simply add the following line inside either the <Directory>, <Location>, <Files> or <VirtualHost> sections of your server config (usually located in a *.conf file, such as httpd.conf or apache.conf), or within a .htaccess file: Header set Access-Control-Allow-Origin "*"

Enable mod_headers in Apache2 to be able to use Header directive :

a2enmod headers

How to Enable CORS in Apache – TecAdmin, Enable CORS in Apache. Set Access-Control-Allow-Origin (CORS) authorization to the header in Apache web server. Add the following line� CORS gives web servers cross-domain access controls, which enable secure cross-domain data transfers. Access-Control-Allow-Origin. So, in order to use it, you need to set the correct headers. In your .htaccess or Apache webserver configuration, add headers like these.

CORS Enabled, CORS is a specification that enables truly open access across domain boundaries. resources please see this full write up on Cross Origin Request Security. This is enabled by default in Apache, however you may want to ensure it's <IfModule mod_headers.c> Header set Access-Control-Allow-Origin "*" </IfModule>. This is enabled by default in Apache, however you may want to ensure it's enabled in your deployment by running the following command: a2enmod headers To expose the header, you can add the following line inside , , and sections, or within an .htaccess file. <IfModule mod_headers.c> Header set Access-Control-Allow-Origin "*" </IfModule>

Enabling Cross-Origin Resource Sharing (CORS) in HTTP Apache, Resolving The Problem. To enable CORS for an HTTP server the following needs to be added to the configuration: V7R1 and below (Apache� I have a json file hosted on my server. When I try to make an Ajax "GET" request to the json file, it fails. See the console in Safari, it says "Failed to load resource". Firebug shows "200 OK", but the response doesn't show up. Even Firebug does not show the JSON tab. I believe this is because Cross Domain Requests are not allowed using AJAX.

Setting CORS (cross-origin resource sharing) on Apache with , How to allow the browser to make cross origin requests with example CORS configurations for the apache web server. Enable CORS in Apache To enable Cross-Origin Resource Sharing (CORS) in Apache you'll need to set at least one HTTP header which changes it (the default behaviour is to block CORS). In the following example, we're going to be setting this HTTP header inside.htaccess, but it can also be set in your site.conf file or the Apache config file.

Comments
  • You are very welcome, just trying to provide all details.
  • Thanks a lot..was stuck in this for a long time..I was trying to do this by LocationMatch and all.. but this worked like a charm
  • Worked like a charm.
  • Also, restart apache after enabling the header module.
  • This is the only answer in this thread that addresses pre-flight OPTIONS requests. Nice work!