Apache No 'Access-Control-Allow-Origin' header - apache

I tried to search between old questions but i didn't find how to figure out my issue
I have a LF site; all works pretty good; when i go on http://localhost:8080/ i have no problem and no error is shown on firebug and/or chrome console
I configured then, an Apache HTTP Server. All seems to me correct but when i try the URL http://localhost I see my site but some resources are not loaded. In chrome console (but also in firebug) I get the following error:
2(index):1 Font from origin 'http://localhost:8080' has been blocked
from loading by Cross-Origin Resource Sharing policy: No
'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'http://localhost' is therefore not allowed access.
I don't know how to figure out this issue. It seems to me an Apache configuration mistake.
This is my virtual host configuration:
<VirtualHost *:80>
#CORS
<Directory "/var/www/">
AllowOverride All
Order allow,deny
allow from all
</Directory>
# Always set these headers.
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Max-Age "1000"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
# Added a rewrite to respond with a 200 SUCCESS on every OPTIONS request.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
ProxyPass /c http://localhost:8080/c
ProxyPassReverse /c http://localhost:8080/c
ProxyPass /si http://localhost:8080/si
ProxyPassReverse /si http://localhost:8080/si
ProxyPass /image http://localhost:8080/image
ProxyPassReverse /image http://localhost:8080/image
ProxyPass /documents http://localhost:8080/documents
ProxyPassReverse /documents http://localhost:8080/documents
ProxyPass /html http://localhost:8080/html
ProxyPassReverse /html http://localhost:8080/html
ProxyPass /sprite http://localhost:8080/sprite
ProxyPassReverse /sprite http://localhost:8080/sprite
ProxyPass /combo http://localhost:8080/combo
ProxyPassReverse /combo http://localhost:8080/combo
ProxyPass / http://localhost:8080/web/mySimpleLog
ProxyPassReverse / http://localhost:8080/web/mySimpleLog
ErrorLog logs/mySimpleLog-error_log
CustomLog logs/mySimpleLog-access_log common
</VirtualHost>
It seems to me all correct... is there any other option i should put?
Do you have any idea where I'm wrong?
Thank you
Angelo


You're setting your CORS headers only on port 80, but the cross-origin part is from port 80 to port 8080 -- you should move the Header set ... outside of virtual host context or duplicate it in your 8080 vhost.

Related

Apache configurations to restrict requests with specific string in request URL

I have one URL configured on Apache. Here is configuration
<VirtualHost 192.168.1.82:443>
ServerName test.ex.com
Header always set Strict-transport-Security "max-age=63072000; includeSubDomain; preload"
Header always append X-Frame-Options SAMEORIGIN
Header set X-XSS-Protection: "1; mode=block"
ProxyRequests On
ProxyPass /cong http://192.168.4.185:8081/cong
ProxyPassReverse /cong http://192.168.4.185:8081/cong
ErrorLog logs/test.ex.com-error_log
CustomLog logs/test.ex.com-access_log common
SSLEngine on
SSLCertificateFile /etc/httpd/*.ex.com/36287365__.ex.com.cert
SSLCertificateKeyFile /etc/httpd/*.ex.com/36287365__.ex.com.key
Header add P3P "CP=\"NOI DSP COR CURa ADMa DEVa OUR IND OTC\""
</VirtualHost>
With above configurations, I am allowing all the request comes to https://test.ex.com/cong/. I want to restrict some specific request comes with string "getUserPattern" in request string like https://test.ex.com/cong/module/getUserPattern/final
Tried with ProxyBlock getUserPattern but didn't work. Is there any way/configuration to restrict such URLs at apache level only or redirect to https://test.ex.com/cong.

First, you probably want to disable forward (standard) proxy requests (Setting ProxyRequests to Off does not disable use of the ProxyPass directive):
ProxyRequests Off
If you want to redirect any request containing getUserPattern to https://test.ex.com/cong, add these two directives above your current ProxyPass rules:
RedirectMatch "getUserPattern" "https://test.ex.com/cong"
ProxyPassMatch "getUserPattern" !

Apache virtual host + reverse proxy conflict

I have a server running ubuntu+apache. I have a website running (old ipython notebook with a multiuser-hack) that can be accessed through xxx.xx.xx.xx (=:myip). The corresponding apache configuration called sins.conf looks like this:
<VirtualHost *:80>
ServerName ipython.local-server
ServerAlias
WSGIDaemonProcess ipythonapp2 user=www-data group=www-data processes=2 threads=5\
python-path=/home/sins/ilmrt/lib/python2.7/site-packages
WSGIScriptAlias / /home/sins/ilmrt/ipysite/wsgi.py
<Directory /home/sins/ilmrt/ipysite>
#WSGIProcessGroup ipythonapp2
WSGIApplicationGroup %{GLOBAL}
Require all granted
Allow from all
</Directory>
Alias /static/ /home/sins/ilmrt/ipysite/static/
<Location "/static/">
Options -Indexes
</Location>
</VirtualHost>
and works perfectly.
Now, since I'm about to run a new website (jupyterhub) with reverse proxy in addition, I setup a new apache configuration called jupyterhub.conf:
ProxyPass / http://localhost:9111/
ProxyPassReverse / http://localhost:9111/
Header edit Origin http://myip:9111/ localhost:9111
RequestHeader edit Origin http://myip:9111 localhost:9111
Header edit Referer http://myip:9111 localhost:9111
RequestHeader edit Referer http://myip:9111 localhost:9111
<Location ~ "/(user/[^/]*)/(api/kernels/[^/]+/channels|terminals/websocket)/?">
ProxyPass ws://localhost:9111
ProxyPassReverse ws://localhost:9111
</Location>
If i run sudo a2ensite jupyterhub and sudo service apache2 reload, the new website works as expected under http://myip:9111. However, the old website with the address http://myip shows Service Unavailable.
I don't understand what I need to change to make both sites working at the same time. Any help?
EDIT:
I believe I need to put the jupyterhub configuration inside a <VirtualHost *:9111>, but if I start the jupyterhub server it says
Proxy appears to be running at http://myip:9111, but I can't access it. Connection refused.

Okay, so the trick was as I assumed: It needs to be put in a VirtualHost.
For some reason I initially put a Listen 9111 in front of the config-code below, which is why it blocked something..Here's the code in case anyone is interested:
<VirtualHost *:9111>
ProxyPass / http://localhost:9111/
ProxyPassReverse / http://localhost:9111/
Header edit Origin http://myip:9111/ localhost:9111
RequestHeader edit Origin http://myip:9111 localhost:9111
Header edit Referer http://myip:9111 localhost:9111
RequestHeader edit Referer http://myip:9111 localhost:9111
<Location ~ "/(user/[^/]*)/(api/kernels/[^/]+/channels|terminals/websocket)/?">
ProxyPass ws://localhost:9111
ProxyPassReverse ws://localhost:9111
</Location>
LogLevel debug
</VirtualHost>

apache2 mod_headers not working

Question Description: I want to set my site "Access-Control-Allow-Origin", so I set it in apache's config (almost anywhere), but it's not working. I also set other headers for testing, but it's still not working too.
Apache version: 2.2.22
Apache modules: http://www.anwcl.com/test/show_modules.php
My target url:
http://www.anwcl.com/test/test_only_div.html
And it's linked to my local file:
e:\wamp\www\test\test_only_div.html
And here's my apache's configurations:
E:\wamp\bin\apache\apache2.2.22\conf\httpd.conf
...
LoadModule headers_module modules/mod_headers.so
...
Include conf/extra/httpd-vhosts.conf
...
E:\wamp\bin\apache\apache2.2.22\conf\extra\httpd-vhosts.conf
NameVirtualHost *:80
<VirtualHost *:80>
Header add Access-Control-Allow-Origin "*"
Header echo ^TS
Header add MyHeader "Hello Joe. It took %D microseconds for Apache to serve this request."
ServerAdmin xxx#gmail.com
DocumentRoot "E:/wamp/www/"
ServerName www.anwcl.com
ErrorLog "logs/xxx.log"
CustomLog "logs/xxx.log" common
<Directory "E:/wamp/www/">
Header add Access-Control-Allow-Origin "*"
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
E:\wamp\www\.htaccess
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
E:\wamp\www\test\.htaccess
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
And here's Wireshark's caps, there are no expected headers :
http://www.anwcl.com/question/apache-mod-headers-not-working.jpg
http://www.anwcl.com/question/apache-mod-headers-not-working-304.jpg

I also ran into this issue and fixed it when I realized I was modifying the wrong Virtual-host in my config file found here: /etc/apache2/sites-enabled/000-default.conf.
I was modifying the default VirtualHost config when I was using one with a different port.
<VirtualHost *:6000>
Header set Access-Control-Allow-Origin "*"
</VirtualHost>
I also ran into the error Dylan Maxey described and got around it by disabling the cache in the browser inspector:
Here is also a link to a site I found helpful:
https://enable-cors.org/server_apache.html

Check output of php_info() to see if mod_headers is loaded from your apache webserver.

The changes could have possibly taken place and you aren't seeing the changes within your browser. This is especially typical if you're serving static files like the images you're trying to alter the headers of.
You can even have chrome disable cache while viewing the page with the Javascript console open and still not see the changes take effect.
What you'll want to look for is the response code. If it's a 304, the server has recognized that your browser already has a valid representation of the requested file, and will serve that file. If it does, you will not see the headers you've added after your browser initially downloaded that page.
To see if this is the case, change the url to http://myexample.com/myimage.jpg?t=1, or any other random query parameter and see if that works.

For my case, adding the Header set "key" "value" did not work. I had to use RequestHeader set "key" "value" for the ProxyPass to send the header.
<VirtualHost *:443>
ServerName myserver.com
ServerAlias www.myserver.com
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8081/
ProxyPassReverse / http://127.0.0.1:8081/
RequestHeader set "X-Forwarded-Proto" "https"
#
# Setup SSL
#
# SSLProxyEngine on
SSLEngine on
SSLCertificateFile location-to-certificate.crt
SSLCertificateKeyFile location-to-private.key
SSLCertificateChainFile location-to-ca_bundle.crt
</VirtualHost>

Configure Apache to avoid cross domain call with Dart

I'm trying to configure Apache using mod_proxy to develop a Dart web app locally, but I can't seem to get it set up correctly.
In my httpd.conf I've enabled the following lines:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
Include conf/extra/httpd-vhosts.conf
In httpd-vhosts.conf I tried to set up what I needed, but it doesn't seem to be working. I've got a spring web app I'm running from Eclipse with Jetty. So that is on http://localhost:8080. Then I run Dart from the Dart Editor, and it ends up being on 127.0.0.1:3030 (although the total path of a request like "login" is: http://127.0.0.1:3030/C:/Users/CorayThan/dart/BlightedRealmUi/web/out/login).
Either way, I'm trying to get apache to redirect my requests from 127.0.0.1:3030 to localhost:8080. I've tried to do that like this in httpd-vhosts.conf:
<VirtualHost *:80>
ServerAdmin test#localhost
ServerName 127.0.0.1:3030
ProxyPass / http://localhost:8080
ProxyPassReverse / http://localhost:8080
ErrorLog "logs/proxy-error.log"
</VirtualHost>
But it doesn't seem to be working at all. Can anyone suggest how I can fix it, or suggest a better way to do this in the first place? (I don't want to use CORS or Jsonp, I just want an easy cross-browser compatible hack for development.)

I'm not sure you can do this, your VHost would have to listen on 3030, not 80 as you have above to perform the proxy function which it can't do as Dart is using this port, below is an extract from a Vhost file I use to proxy from Dartium to a CouchDb server to allow a browser based couchdb client access using CORS, this may not be what you want though :-
<VirtualHost *:8080>
<Proxy http://141.196.22.210:5984>
Order deny,allow
Allow from all
</Proxy>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^OPTIONS
Header set Access-Control-Allow-Origin http://127.0.0.1:3030
Header set Access-Control-Allow-Credentials true
Header set Access-Control-Allow-Headers Content-Type
Header merge Access-Control-Allow-Headers Authorization
Header merge Access-Control-Allow-Headers Destination
Header set Access-Control-Allow-Methods GET
Header merge Access-Control-Allow-Methods POST
Header merge Access-Control-Allow-Methods PUT
Header merge Access-Control-Allow-Methods OPTIONS
Header merge Access-Control-Allow-Methods DELETE
Header merge Access-Control-Allow-Methods HEAD
Header merge Access-Control-Allow-Methods COPY
Header set Access-Control-Max-Age 3600
ProxyRequests off
ProxyPreserveHost Off
KeepAlive Off
ProxyPass / http://141.196.22.210:5984/ nocanon
ProxyPassReverse / http://141.196.22.210:5984/
</VirtualHost>
So, when my client app logs in to Couch it uses 141.196.22.210:8080.

I had the same problem and I solved it by creating a virtual host with a proxy for both tomcat and for the dart application. Roughly, here is my virtual host:
NameVirtualHost *:80
<VirtualHost *:80>
ServerName dartapp
<Location "/tomcat-application-context/">
ProxyPass "http://localhost:8080/tomcat-application-context/"
ProxyPassReverse "http://localhost:8080/tomcat-application-context/"
</Location>
<Location "/dart/">
ProxyPass "http://127.0.0.1:3030/"
ProxyPassReverse "http://127.0.0.1:3030"
</location>
</VirtualHost>
Normally when you "Run in Dartium" you'll access the app with the full path to your dart app:
http://127.0.0.1:3030/full/path/to/web/app.html
Instead, access your apache virtual host with your /full/path/to/web/app.html prefixed with your proxy location (i.e. /dart/full/path/to/web/app.html):
http://dartapp:80/dart/full/path/to/web/app.html

Apache reverse proxy to https server

I'm trying to setup reverse proxy to some web service, so I can develop JavaScript Ajax application on localhost. I have managed to do it with Apache following way:
ProxyPass /serviceproxy/ http://someservice.com/
ProxyPassReverse /serviceproxy/ http://someservice.com/
ProxyHTMLURLMap http://someservice.com/ /serviceproxy/
<Location /serviceproxy>
ProxyPassReverse /
ProxyHTMLEnable On
ProxyHTMLURLMap / /serviceproxy/
ProxyHTMLURLMap http://someservice.com/
RequestHeader unset Accept-Encoding
</Location>
That works fine for http webpages, but not for https pages. If I set proxy to https://someservice.com/, Apache returns 500 Internal server error. I'm new to Apache configuration. How to make it work? Is it even possible?
thanks

You have to enable Ssl module (a2enmod ssl) Then in /etc/apache2/sites-available/default file include following lines
RequestHeader set X-Forwarded-Proto "https"
ServerName localhost
SSLProxyEngine On
RequestHeader set Front-End-Https "On"
Between line
ServerAdmin webmaster#localhost
and line
DocumentRoot /var/www
Hope it helps.