"No 'Access-Control-Allow-Origin' header is present on the requested resource" - apache

I have URL rewrite mode enabled on my localhost (Apache) server as well. But as soon as I try to access the remote URL via my localhost, it gives an error such as:
"Internal Server Error" or sometimes "Not Found"
If I make a small change (removing [P]) in my .htaccess file, the expected URL shows up in the console log, but I still get this error:
"No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access."
My .htaccess file is as follows:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{SERVER_PORT} !^8080$
RewriteRule ^(.*) http://%{SERVER_NAME}:8080%{REQUEST_URI} [P]
RewriteRule ^(.*) http://<Remote_ip_address>:<port_no>%{REQUEST_URI} [P]
</IfModule>
Any suggestions would be highly appreciated!

This is an intentional security feature (the Same-origin policy). You need to enable CORS (Cross-Origin Resource Sharing) on the destination server (not in your .htaccess file here, but on Remote_ip_address). Here are a few resources:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
http://enable-cors.org/server_apache.html

The solution below works for me in the vhost file located here:
/etc/httpd/conf.d/vhosts/xxxx.conf
SetEnvIf Origin "^http(s)?://(.+\.)?(yourdomain\.com|otherdomain\.com)$" origin_is=$0
Header set Access-Control-Allow-Origin %{origin_is}e env=origin_is
Header set Access-Control-Allow-Credentials "true"
Header always set Access-Control-Allow-Headers "Authorization"
Header always set Access-Control-Allow-Methods "GET"
DO NOT FORGET:
to change yourdomain.com|otherdomain.com
to add/modify the correct Access-Control-Allow-Methods: GET, PUT, PATCH, DELETE, POST
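An added check, not part of the original answer: it runs the answer's SetEnvIf allowlist pattern over constructed Origin values to show what the vhost block would reflect, next to a stricter pattern that is an assumption here (HTTPS only, hostname characters only). Python's re module stands in for Apache's regex engine, and example.net stands in for a foreign site.

```python
import re

# Allowlist pattern copied from the SetEnvIf directive in the answer above.
PAGE_PATTERN = re.compile(r"^http(s)?://(.+\.)?(yourdomain\.com|otherdomain\.com)$")

# Assumed stricter variant (not from the page): HTTPS only, and each
# subdomain label limited to hostname characters instead of ".+".
STRICT_PATTERN = re.compile(
    r"^https://([a-z0-9-]+\.)*(yourdomain\.com|otherdomain\.com)$"
)

# Constructed Origin header values for the demonstration.
SAMPLE_ORIGINS = [
    "https://yourdomain.com",
    "https://api.otherdomain.com",
    "http://yourdomain.com",                # plaintext origin
    "https://yourdomain.com:8443",          # explicit port
    "https://notyourdomain.com",            # lookalike prefix
    "https://yourdomain.com.example.net",   # lookalike suffix
    "https://example.net/.yourdomain.com",  # not a valid origin; probes ".+"
    "null",
]


def cors_headers(origin, pattern=PAGE_PATTERN):
    """Emulate the vhost block: reflect Origin only when the pattern matches."""
    headers = {
        # These three directives carry no env= condition, so they are always sent.
        "Access-Control-Allow-Credentials": "true",
        "Access-Control-Allow-Headers": "Authorization",
        "Access-Control-Allow-Methods": "GET",
    }
    if origin is not None and pattern.search(origin):
        # SetEnvIf stores the whole match ($0) in origin_is; Header echoes it.
        headers["Access-Control-Allow-Origin"] = origin
    return headers


def allowed(origin, pattern=PAGE_PATTERN):
    """True when the emulated response would carry Access-Control-Allow-Origin."""
    return "Access-Control-Allow-Origin" in cors_headers(origin, pattern)


if __name__ == "__main__":
    for o in SAMPLE_ORIGINS:
        print(f"{o:40} page={allowed(o)!s:5} strict={allowed(o, STRICT_PATTERN)}")
```

Because the allowed origin is reflected per request, responses should also carry Vary: Origin so shared caches do not reuse one origin's response for another.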

Related

How to set SameSite cookie attribute using Apache configuration?

I am not able to see SameSite=Strict using builtin developer tools in the “Application” tab.
I have added the Header directives below to the Apache configuration:
Header always edit Set-Cookie (.*) "$1;SameSite=Strict"
Header edit Set-Cookie ^(.*)$ $1;SameSite=Strict
Please let me know how to set SameSite=Strict using the above settings.
For apache2 >= 2.2.4
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure;SameSite=Strict
For apache2 lower than 2.2.4
Header set Set-Cookie HttpOnly;Secure;SameSite=Strict
In my local environment (Apache 2.4), after enabling mod_headers, I was able to achieve this by adding directives like the ones below in my vhost:
<ifmodule mod_headers.c>
Header always edit Set-Cookie (.*) "$1; SameSite=strict"
</ifmodule>
Where is the difference? Why didn't it work for you? Maybe it's the lack of a "space" after the semicolon?
<ifmodule mod_headers.c>
# always is similar to "onerrors"
Header always edit Set-Cookie (.*) "$1; SameSite=strict"
# success is similar to http 2xx response code
Header onsuccess edit Set-Cookie (.*) "$1; SameSite=strict"
# remove duplications (apache sends from both tables always and onsuccess)
## https://www.tunetheweb.com/security/http-security-headers/secure-cookies/
#Strip off double SameSite=strict settings as using above you can sometimes get both
Header edit Set-Cookie ^(.*);\s?SameSite=strict;?\s?(.*);\s?SameSite=strict;?\s?(.*)$ "$1; $2; $3; SameSite=strict"
#Strip off double ;; settings
Header edit Set-Cookie ^(.*);\s?;\s?(.*)$ "$1; $2"
</ifmodule>
Apache manual: https://httpd.apache.org/docs/2.2/de/mod/mod_headers.html
Stack discussion: httpd duplicate Access-Control-Allow-Origin with "Header always set"
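An added check, not part of the original answers: it replays the answer's Header edit pattern over constructed Set-Cookie values to show how the blanket (.*) edit stacks SameSite attributes, next to a guarded pattern that skips cookies already carrying one. The guarded pattern is an assumption, not from the page, and Python's re module stands in for Apache's regex engine.

```python
import re

# Search/replace pair from the answer's directive:
#   Header always edit Set-Cookie (.*) "$1; SameSite=strict"
BLANKET = (re.compile(r"(.*)"), r"\1; SameSite=strict")

# Assumed guarded variant (not from the page): the negative lookahead skips
# any cookie that already carries a SameSite attribute, in any letter case.
GUARDED = (
    re.compile(r"^(?!.*;\s*samesite=)(.*)$", re.IGNORECASE),
    r"\1; SameSite=strict",
)


def header_edit(value, rule):
    """Emulate mod_headers 'edit': replace the first regex match only."""
    pattern, replacement = rule
    return pattern.sub(replacement, value, count=1)


def apply_rule_twice(value, rule):
    """Model the case in the answer's comments: both edits reach one cookie."""
    return header_edit(header_edit(value, rule), rule)


def samesite_count(value):
    """Count SameSite attributes in one Set-Cookie value."""
    return len(re.findall(r";\s*samesite=", value, re.IGNORECASE))


# Constructed Set-Cookie values for the demonstration.
SAMPLE_COOKIES = [
    "sid=abc123; Path=/; HttpOnly",
    "prefs=dark; Path=/; SameSite=Lax",  # application already chose Lax
]

if __name__ == "__main__":
    for cookie in SAMPLE_COOKIES:
        print("blanket:", apply_rule_twice(cookie, BLANKET))
        print("guarded:", apply_rule_twice(cookie, GUARDED))
```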

How to change the Request URL in the header with Apache?

Apache is used as a proxy for JBoss. It redirects all requests from port 80 to JBoss's ports. I added HTTPS support to Apache, so all responses to the customer's browser (JS, CSS, etc.) now have https links in the header instead of http.
Header example without ssl:
General
Request URL: http://www-prd.corp.sdl.com/ww/en/assets-re1/css/css.css
Referrer Policy: no-referrer-when-downgrade
Header with SSL:
General
Request URL: https://www-prd.corp.sdl.com/ww/en/assets-re1/css/css.css
Referrer Policy: no-referrer-when-downgrade
I want to rewrite the header that Apache returns to the browser to be as it was: http:\URL.
I tried:
RewriteEngine on
Header edit request "^https://www-prd.corp.sdl.com/(.*)$" "http://www-prd.corp.sdl.com/$1"
RewriteEngine on
Header edit "^https://www-prd.corp.sdl.com/(.*)$" "http://www-prd.corp.sdl.com/$1"
and
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www-prd.corp.sdl.com$ [NC]
RewriteRule ^(.*)$ https://www-prd.corp.sdl.com$1 [L]
But these didn't help me.
I used Substitute for the changes.

How to set HTTPS-only header on .htaccess?

I’m trying to set an HTTPS-only header with .htaccess.
This works on MAMP Pro, but on the live server the header is missing on 301 redirect responses:
Header always set Strict-Transport-Security '...' env=HTTPS
The issue can be fixed with this:
Header always set Strict-Transport-Security '...' "expr=%{HTTPS} == 'on'"
But it doesn’t work with MAMP: 500 Internal Server Error is returned.
Can I make expressions (like that "expr=%{HTTPS} == 'on'") work on MAMP? How?
In my experience, MAMP/MAMP Pro does not necessarily work with .htaccess. Mainly due to the fact that MAMP makes your machine a local server, so depending on your .htaccess some rules may be conflicting with MAMP's setup. Every time I run a local instance of one of my sites on MAMP I have to temporarily remove any and all .htaccess files.
In terms of getting your server to force ssl connections, I used these lines of code at the top of .htaccess below "Options -Indexes":
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

apache disable server signature without httpd.conf and php.ini access

Is there a way to disable the server signature without access to the httpd.conf?
I can't access the php.ini either...
I am allowed to edit only the .htaccess
In the .htaccess I tried to add:
1) this, but it has no effect:
RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC]
RewriteRule .* - [F]
2) this, but "ServerTokens Prod" gives me an error 500
ServerSignature Off
ServerTokens Prod
Adding only "ServerSignature Off", the signature disappears only from the document, but in the response headers it is still present...
How can I remove it?
ServerTokens is only for server config not .htaccess.
http://httpd.apache.org/docs/2.2/en/mod/core.html#servertokens
Have you tried adding these lines to the .htaccess file:
ServerSignature Off
Header unset Etag
FileETag none

where to set header for access control origin in apache

I have added/set the header for access control in the .htaccess file of the directory where the web application (Drupal) is present, but when making an AJAX request to it with jQuery, the console gives the following error message:
XMLHttpRequest cannot load http://localhost/drupal/get/news.
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://127.0.0.1:56687' is therefore not allowed access.
The .htaccess is inside the folder "drupal" and the header is set as follows:
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
# Serve gzip compressed CSS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.css $1\.css\.gz [QSA]
# Serve gzip compressed JS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.js $1\.js\.gz [QSA]
# Serve correct content types, and prevent mod_deflate double gzip.
RewriteRule \.css\.gz$ - [T=text/css,E=no-gzip:1]
RewriteRule \.js\.gz$ - [T=text/javascript,E=no-gzip:1]
<FilesMatch "(\.js\.gz|\.css\.gz)$">
# Serve correct encoding type.
Header set Content-Encoding gzip
# Force proxies to cache gzipped & non-gzipped css/js files separately.
Header append Vary Accept-Encoding
</FilesMatch>
</IfModule>
</IfModule>
Any help will be appreciated.
XMLHttpRequest cannot load http://localhost/drupal/get/news.
The above means that in your Drupal CMS, you have references pointing to your localhost. My guess is that you constructed your site locally, and then migrated to a live server, but in doing so, some of the references are not yet changed. I would recommend you to replace all http://localhost instances in your .sql file with http://yourdomain.com since the files are meant to be publicly available and no one else can access your localhost resources from outside network.