Apache: difference between “Header always set” and “Header set” with Access-Control-Allow-Origin?

Asked Dec 26 '17 at 03:38

Active Dec 26 '17 at 05:14

Viewed 1,109 times

Context：I want to use apache to add http based authentication and cross-domain access to a directory. .htaccess file like：

Header always set Access-Control-Allow-Credentials "true"
Header set Access-Control-Allow-Origin: "http://localhost:8080"
AuthName "Input Passwd!"
AuthType Basic
AuthUserFile users/user.htpasswd
require valid-user

It is working. But if I set

Header always set Access-Control-Allow-Origin: "http://localhost:8080"

I get

The 'Access-Control-Allow-Origin' header contains multiple values 
'http://localhost:8080, *', but only one is allowed. Origin 
'http://localhost:8080' is therefore not allowed access.

Looks like it is extra ,* character. Why does it cause this difference?

Has been configured Header set Access-Control-Allow-Origin * in the http.conf.

edited Dec 26 '17 at 05:14

asked Dec 26 '17 at 03:38

xuncanzhe

Possible duplicate of [Apache: difference between "Header always set" and "Header set"?](https://stackoverflow.com/questions/39502968/apache-difference-between-header-always-set-and-header-set) – Ben Dec 26 '17 at 04:17
A little different – xuncanzhe Dec 26 '17 at 05:18

Apache: difference between “Header always set” and “Header set” with Access-Control-Allow-Origin?

0 Answers0