Matthew Dean
Reputation: 552
CORS Headers Not Being Set
I'm trying to download a static file from another domain. In my .htaccess file, which is in the root directory:
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Headers "Accept, If-Modified-Since, Origin"
Header set Access-Control-Allow-Methods "GET, OPTIONS"
And here's the request-response cycle where a browser downloads the resource twice:
GET /file HTTP/1.1
Host: www.example.com
Accept: application/json
Origin: http://www.mydomain.com
HTTP/1.1 200 OK
Date: Sat, 07 Sep 2013 21:01:35 GMT
Server: Apache
Last-Modified: Sat, 07 Sep 2013 20:14:45 GMT
Content-Length: 2
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Accept, If-Modified-Since, Origin
Access-Control-Allow-Methods: GET, OPTIONS
Content-Type: application/json
[]
GET /file HTTP/1.1
Host: www.example.com
Cache-Control: max-age=0
Accept: application/json
Origin: http://www.mydomain.com
If-Modified-Since: Sat, 07 Sep 2013 20:14:45 GMT
HTTP/1.1 304 Not Modified
Date: Sat, 07 Sep 2013 21:01:40 GMT
Server: Apache
The second time you can see that since the file hasn't been modified, the server responds with a 304 Not Modified. Why are the CORS headers not being set for the second response?
Upvotes: 5
Views: 1674
Answers (1)
Adam
Reputation: 66
It's an apache bug, see below
https://issues.apache.org/bugzilla/show_bug.cgi?id=51223
You can recompile Apache with the patch if you're feeling brave....
Upvotes: 2
Related Questions
- Chrome Browser and CORS issue when caching present in request headers
- CORS policy unsolvable with .htaccess
- unable to correctly specify headers for CORS request
- CORS error - my headers
- CORS header not being served by Apache if there's a 404
- CORS Access-Control-Allow-Origin cache issue
- Setting CORS headers does not work in Chrome, Firefox or on mobile browser
- If-Modied-Since header makes CORS OPTIONS request fail
- CORS request isn't allowed despite headers being set
- AJAX request failing even though CORS headers are present