10

I was wondering if anybody can help me set up CORS on my Apache web server. I would appreciate a step-by-step process because many sites online are telling me different things. Like what do I need to do on my httpd.conf or ssl.conf files, where to put my .htaccess file, etc.

Chaminda Bandara
  • 2,067
  • 2
  • 28
  • 31
user3851283
  • 337
  • 1
  • 3
  • 14

2 Answers2

9

The above answer is correct and put Inside the httpd.conf. This should be changed to whatever you set Document Root.

On Ubuntu, httpd.conf is located in the directory /etc/apache2. apache2.conf is also located in /etc/apache2.

On CENTOS 6 httpd.conf in the path /etc/httpd/conf/httpd.

<Directory "/var/www/html">
        Header set Access-Control-Allow-Origin "*"
</Directory>
Chaminda Bandara
  • 2,067
  • 2
  • 28
  • 31
Panneerchelvam Piratheepan
  • 602
  • 8
  • 10
8
# edit your conf/httpd.conf file.  Verify that the headers module is loaded
LoadModule headers_module modules/mod_headers.so

# to whitelist every origin, use
Header set Access-Control-Allow-Origin "*"

More info: http://enable-cors.org/server_apache.html

Kevin Seifert
  • 3,494
  • 1
  • 18
  • 14
  • Where do I put the `Header set Access-Control-Allow-Origin "*"` in?\ – user3851283 Aug 28 '15 at 14:48
  • You can put everything in the same file. It just needs to be placed somewhere after loading the module. I think .htaccess would be fine as well (if they are enabled, with override permissions). – Kevin Seifert Aug 28 '15 at 14:52
  • If I do add it to the .htaccess file, do I need to do something to the httpd.conf file where it allows .htaccess to be seen? – user3851283 Aug 28 '15 at 14:53
  • Yes, in that case you'd also need to set `AllowOverride FileInfo` for that directory. AllowOverride is valid only in sections specified without regular expressions, not in , or sections. More info: http://httpd.apache.org/docs/2.4/mod/core.html – Kevin Seifert Aug 28 '15 at 14:55
  • I just put the .htaccess file in my /var/www directory. Is that OK? – user3851283 Aug 28 '15 at 14:56
  • .htacess will go at the base of wherever you are serving your webpages from. For example, right next to the index.html of your website, for example. – Kevin Seifert Aug 28 '15 at 14:58
  • Also, where do I put `AllowOverride FileInfo` in the httpd.conf? There are many places that I can put it at. – user3851283 Aug 28 '15 at 14:58
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/88215/discussion-between-user3851283-and-kevin-seifert). – user3851283 Aug 28 '15 at 14:59
  • Somewhere you should see the path to the base of your webpage's folder. For example ... . It goes inside that stanza. If an `AllowOverride` already exists, just add the flag `FileInfo ` to it (separated by spaces). If you see `AllowOverride none`, remove the `none` and replace it with `FileInfo` – Kevin Seifert Aug 28 '15 at 15:01
  • However, there are multiple places that it has . Do I just add `FileInfo` to the place that has my project directory in it? – user3851283 Aug 28 '15 at 15:05
  • Yes, that would be the best place...just to keep all the config for a site in one place – Kevin Seifert Aug 28 '15 at 15:07
  • So I placed the Header set Access-Control-Allow-Origin "*" right below the project location directory. Is that OK? – user3851283 Aug 28 '15 at 15:12
  • yes. then if you restart apache, you should see the header `Access-Control-Allow-Origin "*"` show up in all your reponses. (you can verify with Chrome network tools) – Kevin Seifert Aug 28 '15 at 15:19