Question Description: I want to set my site "Access-Control-Allow-Origin", so I set it in apache's config (almost anywhere), but it's not working. I also set other headers for testing, but it's still not working too.
Apache version: 2.2.22
Apache modules: http://www.anwcl.com/test/show_modules.php
My target url:
http://www.anwcl.com/test/test_only_div.html
And it's linked to my local file:
e:\wamp\www\test\test_only_div.html
And here's my apache's configurations:
E:\wamp\bin\apache\apache2.2.22\conf\httpd.conf
...
LoadModule headers_module modules/mod_headers.so
...
Include conf/extra/httpd-vhosts.conf
...
E:\wamp\bin\apache\apache2.2.22\conf\extra\httpd-vhosts.conf
NameVirtualHost *:80
<VirtualHost *:80>
Header add Access-Control-Allow-Origin "*"
Header echo ^TS
Header add MyHeader "Hello Joe. It took %D microseconds for Apache to serve this request."
ServerAdmin xxx#gmail.com
DocumentRoot "E:/wamp/www/"
ServerName www.anwcl.com
ErrorLog "logs/xxx.log"
CustomLog "logs/xxx.log" common
<Directory "E:/wamp/www/">
Header add Access-Control-Allow-Origin "*"
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
E:\wamp\www\.htaccess
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
E:\wamp\www\test\.htaccess
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
And here's Wireshark's caps, there are no expected headers :
http://www.anwcl.com/question/apache-mod-headers-not-working.jpg
http://www.anwcl.com/question/apache-mod-headers-not-working-304.jpg
I also ran into this issue and fixed it when I realized I was modifying the wrong Virtual-host in my config file found here: /etc/apache2/sites-enabled/000-default.conf.
I was modifying the default VirtualHost config when I was using one with a different port.
<VirtualHost *:6000>
Header set Access-Control-Allow-Origin "*"
</VirtualHost>
I also ran into the error Dylan Maxey described and got around it by disabling the cache in the browser inspector:
Here is also a link to a site I found helpful:
https://enable-cors.org/server_apache.html
Check output of php_info() to see if mod_headers is loaded from your apache webserver.
The changes could have possibly taken place and you aren't seeing the changes within your browser. This is especially typical if you're serving static files like the images you're trying to alter the headers of.
You can even have chrome disable cache while viewing the page with the Javascript console open and still not see the changes take effect.
What you'll want to look for is the response code. If it's a 304, the server has recognized that your browser already has a valid representation of the requested file, and will serve that file. If it does, you will not see the headers you've added after your browser initially downloaded that page.
To see if this is the case, change the url to http://myexample.com/myimage.jpg?t=1, or any other random query parameter and see if that works.
For my case, adding the Header set "key" "value" did not work. I had to use RequestHeader set "key" "value" for the ProxyPass to send the header.
<VirtualHost *:443>
ServerName myserver.com
ServerAlias www.myserver.com
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8081/
ProxyPassReverse / http://127.0.0.1:8081/
RequestHeader set "X-Forwarded-Proto" "https"
#
# Setup SSL
#
# SSLProxyEngine on
SSLEngine on
SSLCertificateFile location-to-certificate.crt
SSLCertificateKeyFile location-to-private.key
SSLCertificateChainFile location-to-ca_bundle.crt
</VirtualHost>
Related
I have an error when try to put my chat on my webiste
Failed to load
https://chat.example.com/socket.io/?EIO=3&transport=polling&t=MBK-pzZ:
No 'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'https://example.com' is therefore not allowed access.
The response had HTTP status code 503.
on my VH on apache I did:
<VirtualHost 1.1.1.1:443>
SSLEngine on
ServerName www.example.com
ServerAlias www.example.com example.com
ServerAdmin webmaster#example.com
DocumentRoot /home/myuser/public_html
UseCanonicalName OFF
<Directory /home/myuser/public_html>
Options None
Options +FollowSymLinks
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
</Directory>
</VirtualHost>
but it's not help.
using apache 2.4
thanks
It was with my apache configuration the "httpd-default.conf"
I found this 2 lines:
Header set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Origin "*"
when i remove it, it's works
thanks!
You can also put these lines in .htacces file to fix this issue.
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
I have one URL configured on Apache. Here is configuration
<VirtualHost 192.168.1.82:443>
ServerName test.ex.com
Header always set Strict-transport-Security "max-age=63072000; includeSubDomain; preload"
Header always append X-Frame-Options SAMEORIGIN
Header set X-XSS-Protection: "1; mode=block"
ProxyRequests On
ProxyPass /cong http://192.168.4.185:8081/cong
ProxyPassReverse /cong http://192.168.4.185:8081/cong
ErrorLog logs/test.ex.com-error_log
CustomLog logs/test.ex.com-access_log common
SSLEngine on
SSLCertificateFile /etc/httpd/*.ex.com/36287365__.ex.com.cert
SSLCertificateKeyFile /etc/httpd/*.ex.com/36287365__.ex.com.key
Header add P3P "CP=\"NOI DSP COR CURa ADMa DEVa OUR IND OTC\""
</VirtualHost>
With above configurations, I am allowing all the request comes to https://test.ex.com/cong/. I want to restrict some specific request comes with string "getUserPattern" in request string like https://test.ex.com/cong/module/getUserPattern/final
Tried with ProxyBlock getUserPattern but didn't work. Is there any way/configuration to restrict such URLs at apache level only or redirect to https://test.ex.com/cong.
First, you probably want to disable forward (standard) proxy requests (Setting ProxyRequests to Off does not disable use of the ProxyPass directive):
ProxyRequests Off
If you want to redirect any request containing getUserPattern to https://test.ex.com/cong, add these two directives above your current ProxyPass rules:
RedirectMatch "getUserPattern" "https://test.ex.com/cong"
ProxyPassMatch "getUserPattern" !
I need to show some sites in a iframe and I cannot do that directly as some of those sites have the header X-Frame-Options set to 'SAMEORIGIN'. As a way to bypass this I tried using an reverse proxy in apache. Below is the my apache configuration
<VirtualHost *:80>
ServerName google.local
ProxyRequests Off
DocumentRoot /var/www/html/iframe-test
ProxyPass /test http://www.oracle.com/index.html
ProxyPassReverse /test http://www.oracle.com/index.html
ErrorLog /var/log/apache2/google.local-error.log
CustomLog /var/log/apache2/google.local-access.log combined
<Location *>
AllowOverride All
Order allow,deny
Allow from all
# Header always append X-Frame-Options "ALLOW-FROM all"
Header add test-header 'test'
</Location>
But still I cannot load the site in iframe and I am getting the error Load denied by X-Frame-Options: https://www.oracle.com/index.html does not permit cross-origin framing.
The issue with the above configuration was that the proxy only worked for http protocol. But as seen in the console error message the external site actually redirect http to https automatically.
So to handle the https requests all it was needed to enable ssl in apache and turn on SSLProxyEngine. To do that,
run sudo a2enmod ssl on terminal
add the line 'SSLProxyEngine On' to the above config
<VirtualHost *:80>
ServerName google.local
ProxyRequests On
ProxyPreserveHost Off
SSLProxyEngine On
DocumentRoot /var/www/html/iframe-test
ProxyPass /test http://www.oracle.com/index.html
ProxyPassReverse /test http://www.oracle.com/index.html
ErrorLog /var/log/apache2/google.local-error.log
CustomLog /var/log/apache2/google.local-access.log combined
<Location *>
AllowOverride All
Order allow,deny
Allow from all
# Header always append X-Frame-Options "ALLOW-FROM all"
Header add test-header 'test'
</Location>
</VirtualHost>
I tried to search between old questions but i didn't find how to figure out my issue
I have a LF site; all works pretty good; when i go on http://localhost:8080/ i have no problem and no error is shown on firebug and/or chrome console
I configured then, an Apache HTTP Server. All seems to me correct but when i try the URL http://localhost I see my site but some resources are not loaded. In chrome console (but also in firebug) I get the following error:
2(index):1 Font from origin 'http://localhost:8080' has been blocked
from loading by Cross-Origin Resource Sharing policy: No
'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'http://localhost' is therefore not allowed access.
I don't know how to figure out this issue. It seems to me an Apache configuration mistake.
This is my virtual host configuration:
<VirtualHost *:80>
#CORS
<Directory "/var/www/">
AllowOverride All
Order allow,deny
allow from all
</Directory>
# Always set these headers.
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Max-Age "1000"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
# Added a rewrite to respond with a 200 SUCCESS on every OPTIONS request.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
ProxyPass /c http://localhost:8080/c
ProxyPassReverse /c http://localhost:8080/c
ProxyPass /si http://localhost:8080/si
ProxyPassReverse /si http://localhost:8080/si
ProxyPass /image http://localhost:8080/image
ProxyPassReverse /image http://localhost:8080/image
ProxyPass /documents http://localhost:8080/documents
ProxyPassReverse /documents http://localhost:8080/documents
ProxyPass /html http://localhost:8080/html
ProxyPassReverse /html http://localhost:8080/html
ProxyPass /sprite http://localhost:8080/sprite
ProxyPassReverse /sprite http://localhost:8080/sprite
ProxyPass /combo http://localhost:8080/combo
ProxyPassReverse /combo http://localhost:8080/combo
ProxyPass / http://localhost:8080/web/mySimpleLog
ProxyPassReverse / http://localhost:8080/web/mySimpleLog
ErrorLog logs/mySimpleLog-error_log
CustomLog logs/mySimpleLog-access_log common
</VirtualHost>
It seems to me all correct... is there any other option i should put?
Do you have any idea where I'm wrong?
Thank you
Angelo
You're setting your CORS headers only on port 80, but the cross-origin part is from port 80 to port 8080 -- you should move the Header set ... outside of virtual host context or duplicate it in your 8080 vhost.
I'm trying to configure Apache using mod_proxy to develop a Dart web app locally, but I can't seem to get it set up correctly.
In my httpd.conf I've enabled the following lines:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
Include conf/extra/httpd-vhosts.conf
In httpd-vhosts.conf I tried to set up what I needed, but it doesn't seem to be working. I've got a spring web app I'm running from Eclipse with Jetty. So that is on http://localhost:8080. Then I run Dart from the Dart Editor, and it ends up being on 127.0.0.1:3030 (although the total path of a request like "login" is: http://127.0.0.1:3030/C:/Users/CorayThan/dart/BlightedRealmUi/web/out/login).
Either way, I'm trying to get apache to redirect my requests from 127.0.0.1:3030 to localhost:8080. I've tried to do that like this in httpd-vhosts.conf:
<VirtualHost *:80>
ServerAdmin test#localhost
ServerName 127.0.0.1:3030
ProxyPass / http://localhost:8080
ProxyPassReverse / http://localhost:8080
ErrorLog "logs/proxy-error.log"
</VirtualHost>
But it doesn't seem to be working at all. Can anyone suggest how I can fix it, or suggest a better way to do this in the first place? (I don't want to use CORS or Jsonp, I just want an easy cross-browser compatible hack for development.)
I'm not sure you can do this, your VHost would have to listen on 3030, not 80 as you have above to perform the proxy function which it can't do as Dart is using this port, below is an extract from a Vhost file I use to proxy from Dartium to a CouchDb server to allow a browser based couchdb client access using CORS, this may not be what you want though :-
<VirtualHost *:8080>
<Proxy http://141.196.22.210:5984>
Order deny,allow
Allow from all
</Proxy>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^OPTIONS
Header set Access-Control-Allow-Origin http://127.0.0.1:3030
Header set Access-Control-Allow-Credentials true
Header set Access-Control-Allow-Headers Content-Type
Header merge Access-Control-Allow-Headers Authorization
Header merge Access-Control-Allow-Headers Destination
Header set Access-Control-Allow-Methods GET
Header merge Access-Control-Allow-Methods POST
Header merge Access-Control-Allow-Methods PUT
Header merge Access-Control-Allow-Methods OPTIONS
Header merge Access-Control-Allow-Methods DELETE
Header merge Access-Control-Allow-Methods HEAD
Header merge Access-Control-Allow-Methods COPY
Header set Access-Control-Max-Age 3600
ProxyRequests off
ProxyPreserveHost Off
KeepAlive Off
ProxyPass / http://141.196.22.210:5984/ nocanon
ProxyPassReverse / http://141.196.22.210:5984/
</VirtualHost>
So, when my client app logs in to Couch it uses 141.196.22.210:8080.
I had the same problem and I solved it by creating a virtual host with a proxy for both tomcat and for the dart application. Roughly, here is my virtual host:
NameVirtualHost *:80
<VirtualHost *:80>
ServerName dartapp
<Location "/tomcat-application-context/">
ProxyPass "http://localhost:8080/tomcat-application-context/"
ProxyPassReverse "http://localhost:8080/tomcat-application-context/"
</Location>
<Location "/dart/">
ProxyPass "http://127.0.0.1:3030/"
ProxyPassReverse "http://127.0.0.1:3030"
</location>
</VirtualHost>
Normally when you "Run in Dartium" you'll access the app with the full path to your dart app:
http://127.0.0.1:3030/full/path/to/web/app.html
Instead, access your apache virtual host with your /full/path/to/web/app.html prefixed with your proxy location (i.e. /dart/full/path/to/web/app.html):
http://dartapp:80/dart/full/path/to/web/app.html