You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Valerio Pachera <si...@gmail.com> on 2018/04/20 08:16:48 UTC
[users@httpd] CORS (Cross Origin Resource Sharing) server side configuration
Good Morning, I'm looking for documentation about setting CORS headers in
apache.
The problem is that I need to handle a cors request and be sure I set all
the necessasary header in apache.
Right now I het error 401.
*Most of all, I can't find good server side documentation on how to handle
CORS request!*
May you please write a link if that documentation exists?
This
<https://benjaminhorn.io/code/setting-cors-cross-origin-resource-sharing-on-apache-with-correct-response-headers-allowing-everything-through/>
is the most complete topic I found but it sounds alchemic.
Ok, here we go with details:
*This is the ajax CORS request:*
var xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.open("GET", "
https://cloud.domain.com/remote.php/webdav/path/to/my/file/file.7z ");
console.log('open x');
xhr.setRequestHeader("content-type", "application/txt");
xhr.setRequestHeader("authorization", "Basic 3j893njd83jneu32");
*The apache server configration related to cors is this:*
<VirtualHost *:443>
Header set Access-Control-Allow-Origin 'https://examvple.callingdomain.com'
Header set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header set Access-Control-Allow-Credentials "true"
Header set Access-Control-Allow-Headers "x-requested-with, content-type,
origin, authorization, accept, client-security-token, basic, origin"
...
</VirtualHost>
(Notice I added 'basic, origin' but I don't know if they are valid heasers.
Nothing change if I remove them).
*After sending the request, in the browser console I get the error:*
Failed to load
https://cloud.domain.com/remote.php/webdav/path/to/my/file/file.7z:
Response for preflight has invalid HTTP status code 401.
*Here are more client side details:*
Response
<?xml version="1.0" encoding="utf-8"?>
<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns">
<s:exception>Sabre\DAV\Exception\NotAuthenticated</s:exception>
<s:message>*No 'Authorization: Basic' header found*. Either the client
didn't send one, *or the server is misconfigured*</s:message>
</d:error>
General
Request URL:
https://cloud.domain.com/remote.php/webdav/path/to/my/file/file.7z z
Request Method: OPTIONS
Status Code: 401 Unauthorized
Remote Address: 192.168.253.37:443
Referrer Policy: no-referrer-when-downgrade
Response header
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: x-requested-with, content-type, origin,
authorization, accept, client-security-token, basic, origin
Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT
Access-Control-Allow-Origin: https://examvple.callingdomain.com
Request header
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: it-IT,it;q=0.9,en-US;q=0.8,en;q=0.7
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: GET
Connection: keep-alive
Host: cloud.domain.com
Origin: https://examvple.callingdomain.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36
*Server detail*
Ubuntu 16.0.4
Apache 2.4.18
Any suggestion is wellcome.
Thank you.