1 / 10

How to Set Access-Control-Allow-Origin (CORS) Headers in Apache

Access-Control-Allow-Origin header allows you to enable CORS in Apache. Here's how to set Access-Control-Allow-Origin headers in Apache.#apache #webdevelopment <br><br>Visit https://ubiq.co/tech-blog/set-access-control-allow-origin-cors-headers-apache/

sreeramsreenivasan
Download Presentation

How to Set Access-Control-Allow-Origin (CORS) Headers in Apache

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. How to Enable CORS in Apache Web Server

  2. Enable headers module You need to enable headers module to enable CORS in Apache. Ubuntu/Debian In ubuntu/debian linux, open terminal & run the following command to enable headers module. $ sudo a2enmod headers CentOS/Redhat/Fedora In CentOS/Redhat/Fedora linux, open the Apache configuration file httpd.conf and uncomment the following line by removing # in front of them. LoadModule headers_module modules/mod_headers.so

  3. Open Apache Configuration File You can enable CORS in Apache by modifying Apache Server configuration file, or .htaccess file. Using Apache Server Configuration File If you have access to Apache server configuration file, open it in a text editor. Apache configuration file is located at any of the following locations, depending on your installation ● ● ● ● /etc/apache2/httpd.conf /etc/apache2/apache2.conf /etc/httpd/httpd.conf /etc/httpd/conf/httpd.conf $ sudo vi /etc/apache2/httpd.conf Using .htaccess file If you don’t have access to Apache server configuration file, open .htaccess file in a text editor. $ sudo vi /var/www/html/.htaccess

  4. Enable CORS in Apache To set Access-Control-Allow-Origin header in Apache, just add the following line inside either the <Directory>, <Location>, <Files> or <VirtualHost> sections of your file. Header set Access-Control-Allow-Origin "*" The above line will allow Apache to accept requests from all other domains. If you only want to accept CORS requests from specific domain (example.com), then use that domain instead of using * above. Header set Access-Control-Allow-Origin "example.com" Let us look at some of the use cases to allow CORS requests.

  5. Directory Tag in Main Configuration File In this case, the CORS requests will be allowed only to the specified folder & its subfolders on your website, and not all folders. Since we have added the configuration for root folder /var/www/html, it will be applicable to the entire website. <Directory /var/www/html> ... Header set Access-Control-Allow-Origin "*" ... </Directory> Here is an example to allow CORS only for folder /projects. <Directory /var/www/html> ... Header set Access-Control-Allow-Origin "*" ... </Directory>

  6. Other Locations for Directive Anywhere in .htaccess file In this case, the CORS requests will be allowed only for the domain whose .htaccess file you have modified. ... Header add Access-Control-Allow-Origin "*" ... VirtualHost Tag in Virtual Host Configuration File In this case, the CORS requests will be allowed only for virtual host whose configuration file you have updated. <VirtualHost *:443> ... Header add Access-Control-Allow-Origin "*" ... </VirtualHost>

  7. Sample Configurations (1 of 2) There are different configurations available to enable CORS in Apache. Enable CORS from all websites If you want to enable CORS for all websites, that is, accept cross domain requests from all websites, add the following Header add Access-Control-Allow-Origin *; In the above statement, we use wildcard (*) for Apache Access-Control-Allow-Origin directive Enable CORS from one domain If you want to enable CORS for one website domain (e.g example.com), specify that domain in place of wildcard character *. Header add Access-Control-Allow-Origin "example.com";

  8. Sample Configurations (2 of 2) Enable CORS from multiple domains & subdomains If you want to enable CORS for multiple domains (e.g example1.com, example2.com,example3.com and subdomain blog.example4.com), specify them separately one after another Header add Access-Control-Allow-Origin "example1.com"; Header add Access-Control-Allow-Origin "example2.com"; Header add Access-Control-Allow-Origin "example3.com"; Header add Access-Control-Allow-Origin "blog.example4.com"; Enable CORS from localhost If you want to enable CORS from localhost, add 127.0.0.1 or localhost in place of domain name Header add Access-Control-Allow-Origin "localhost";

  9. Restart Apache Server Restart Apache web server to apply changes -------------- On Debian/Ubuntu -------------- # apache2 -t # systemctl restart apache2.service -------------- On RHEL/CentOS/Fedora -------------- # httpd -t # systemctl restart httpd.service

  10. Thank You Visit for details https://ubiq.co/tech-blog/set-access-control-allow-origin-cor s-headers-apache/

More Related