CODEWITHSUNDEEP
javascripthtmlapachecorshttpd.conf
reiley
reiley

Reputation: 3761

Enable CORS in httpd.conf

I'm developing a web application which makes REST calls to another web application outside its domain.

But whenever it tries to make the REST call, I'm facing CORS issue in chrome.

Error:

No 'Access-Control-Allow-Origin' header is present on the requested resource.

I know this question has been asked many times & I've tried many of the suggestions, but none of them is working for me.

I'm using httpd as the web server.

Below is the httpd.conf of my system. I've added Header set Access-Control-Allow-Origin "*" inside <Directory>, as suggested here.

Please suggest.

Thanks

httpd.conf

ServerRoot "/etc/httpd"
Listen 80
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
<Directory />
    AllowOverride none
  Header set Access-Control-Allow-Origin "*"
    Require all granted
</Directory>
DocumentRoot "/var/www/html"
<Directory "/var/www">
    AllowOverride None
    # Allow open access:
    Require all granted
</Directory>
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>
<Files ".ht*">
    Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn

<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    CustomLog "logs/access_log" combined
</IfModule>

<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

</IfModule>
<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>

<IfModule mime_module>
    TypesConfig /etc/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8

<IfModule mime_magic_module>
    MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on
IncludeOptional conf.d/*.conf

ProxyRequests Off
ProxyPreserveHost On
<VirtualHost *:80>
  ProxyPass / http://localhost:9000/        # My local sonarqube URL
  ProxyPassReverse / http://myhost.com
  ErrorLog logs/sonar/error.log
  CustomLog logs/sonar/access.log common
</VirtualHost>

Upvotes: 2

Views: 22517

Answers (3)

Giri
Giri

Reputation: 181

To enable CORS the following header directive can be used:

Header set Access-Control-Allow-Origin "*"

Upvotes: 1

Emeeus
Emeeus

Reputation: 5250

In Debian-based distros. enable mod_headers running 

a2enmod headers
sudo service apache2 reload

In CentOS & other RedHat based distros

edit config file read by apache like httpd.conf and add 

LoadModule headers_module modules/mod_headers.so

and reload apache with sudo service httpd restart

and in httpd.conf or some file read by apache like apache2.conf, of files *.conf within the folders like sites-available/ or sites-enabled/ 

Header set Access-Control-Allow-Origin: *

* or the domain or domains you desire

Keep in mind this must be placed in the server that receive the request, not the server that send the request, and restrictions are made by browsers, not servers, see this: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin

There is also another way instead of editing some .conf file that is creating a file at document root level called .htaccess and inside: Header set Access-Control-Allow-Origin *

Upvotes: 3

owmasch
owmasch

Reputation: 69

In my experience this error is often returned if there is any issue with the API.

You should try testing your web application in Chrome without web security to see if the issue is really a CORS issue or not. See here for more information.

Upvotes: -1

Related Questions