apache Access Control Allow Origin issue

Question

We have added following settings to enable CORS for both domains a.domain.com and b.domain.com

Header set Access-Control-Allow-Origin "*"

But still getting error.

Font from origin 'http://b.domain.com' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://a.domain.com' is therefore not allowed access.

I know this is simple setting, and we are successfully using it, but in this case no luck.

http://enable-cors.org/server_apache.html

How does Access-Control-Allow-Origin header work?

Try restarting the Apache webserver. And where did you placed SET HEADER code ? — Rajesh Manilal, Jan 29 '16 at 12:25

score 0 · Answer 1 · answered Oct 25 '22 at 09:09

For us this worked only from the same domain. We are trying to add the Origin in the header Access-Control-Allow-Origin in the BE depending if is allowed in a list of allowed origin addresses. But we have issues with Apache right now, because it adds this header with value * all the time.

That is because of Apache config line:

Header set Access-Control-Allow-Origin "*"

We try to see if we can execute this only on some of the requests.

score -1 · Answer 2 · answered Jan 29 '16 at 12:31

-1

Add .htaccess file to your Application's root folder, and place the following code in it

Header add Access-Control-Allow-Origin "*"

answered Jan 29 '16 at 12:31

Rajesh Manilal

1,104
9
20

We have disabled allowoverride – Mudasar Yasin Jan 29 '16 at 12:32
oh okay, Then the header module is httpd.conf file is enabled? – Rajesh Manilal Jan 29 '16 at 12:46

apache Access Control Allow Origin issue

2 Answers2