How to allow Cross domain request in apache2

apache cors

This is my configuration file. 

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName localhost:80
    DocumentRoot /var/www/XXX
    <Directory />
        Options None
        AllowOverride None
        Order deny,allow
        Deny from all
    </Directory>
    <Directory /var/www/qvbn-app-web-ctrl>
        Options FollowSymLinks
        AllowOverride AuthConfig FileInfo
        Order allow,deny
        Allow from all
        Header set Access-Control-Allow-Origin "*"
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

When i am trying to reload apache2 iT is giving error as :

   Invalid command 'Header', perhaps misspelled or defined by a module not included in the server configuration
    Action 'configtest' failed.

I don't know how to enable CORS. I followed this: http://enable-cors.org/server_apache.html


OS=GNU/Linux Debian
Httpd=Apache/2.4.10

Change in /etc/apache2/apache2.conf

<Directory /var/www/html>
     Order Allow,Deny
     Allow from all
     AllowOverride all
     Header set Access-Control-Allow-Origin "*"
</Directory>

Add/activate module

 a2enmod headers

Restart service

/etc/init.d/apache2 restart

First enable mod_headers on your server, then you can use header directive in both Apache conf and .htaccess.

  1. enable mod_headers
  • a2enmod headers
  1. configure header in .htaccess file
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"

In httpd.conf

  1. Make sure these are loaded:
LoadModule headers_module modules/mod_headers.so

LoadModule rewrite_module modules/mod_rewrite.so
  1. In the target directory:
<Directory "**/usr/local/PATH**">
    AllowOverride None
    Require all granted

    Header always set Access-Control-Allow-Origin "*"
    Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
    Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
    Header always set Access-Control-Expose-Headers "Content-Security-Policy, Location"
    Header always set Access-Control-Max-Age "600"

    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} OPTIONS
    RewriteRule ^(.*)$ $1 [R=200,L]

</Directory>

If running outside container, you may need to restart apache service.

put the following in the site's .htaccess file (in the /var/www/XXX):

Header set Access-Control-Allow-Origin "*"

instead of the .conf file.

You'll also want to use 

AllowOverride All

in your .conf file for the domain so Apache looks at it.

Related

How to click on an item inside a RecyclerView in Espresso
Configure JPA to let PostgreSQL generate the primary key value
How to conditionally wrap a div around ng-content
Get UserID of logged-in user in Asp.Net MVC 5
What is $(3n+3)!$ equal to
Android WebView UTF-8 not showing
What does the factorial of a negative number signify?
if $f(x)$ is continuously differentiable in $[0,\infty)$, and $\int_{0}^{\infty}f$ and $\int_{0}^{\infty}f'$ converge
How to get synchronous readline, or "simulate" it using async, in nodejs?
Sphere inscribed in a cone
Upper-bound for nuclear norm of $A \circ (v \otimes v)$ in terms of operator norm (or nuclear norm) of matrix $A$ and $L_\infty$-norm of vector $v$.
How to scroll to the bottom of a ScrollViewer automatically with Xaml and binding?