httpd-users mailing list archives

From Valerio Pachera <siri...@gmail.com>
Subject [users@httpd] CORS (Cross Origin Resource Sharing) server side configuration
Date Fri, 20 Apr 2018 08:16:48 GMT
Good morning, I'm looking for documentation about setting CORS headers in
Apache.
The problem is that I need to handle a CORS request and be sure I set all
the necessary headers in Apache.
Right now I get error 401.
*Most of all, I can't find good server side documentation on how to handle
CORS requests!*
May you please write a link if that documentation exists?
This
<https://benjaminhorn.io/code/setting-cors-cross-origin-resource-sharing-on-apache-with-correct-response-headers-allowing-everything-through/>
is the most complete topic I found but it sounds alchemic.
Ok, here we go with details:

*This is the ajax CORS request:*

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.open("GET", "https://cloud.domain.com/remote.php/webdav/path/to/my/file/file.7z");
console.log('open x');
xhr.setRequestHeader("content-type", "application/txt");
xhr.setRequestHeader("authorization", "Basic 3j893njd83jneu32");
xhr.send();

*The Apache server configuration related to CORS is this:*

<VirtualHost *:443>
Header set Access-Control-Allow-Origin 'https://examvple.callingdomain.com'
Header set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header set Access-Control-Allow-Credentials "true"
Header set Access-Control-Allow-Headers "x-requested-with, content-type, origin, authorization, accept, client-security-token, basic, origin"
...
</VirtualHost>
(Notice I added 'basic, origin' but I don't know if they are valid headers.
Nothing changes if I remove them).

*After sending the request, in the browser console I get the error:*

Failed to load
https://cloud.domain.com/remote.php/webdav/path/to/my/file/file.7z:
Response for preflight has invalid HTTP status code 401.

*Here are more client side details:*

Response
<?xml version="1.0" encoding="utf-8"?>
<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns">
  <s:exception>Sabre\DAV\Exception\NotAuthenticated</s:exception>
  <s:message>*No 'Authorization: Basic' header found*. Either the client
didn't send one, *or the server is misconfigured*</s:message>
</d:error>

General
Request URL:
https://cloud.domain.com/remote.php/webdav/path/to/my/file/file.7z z
Request Method: OPTIONS
Status Code: 401 Unauthorized
Remote Address: 192.168.253.37:443
Referrer Policy: no-referrer-when-downgrade

Response header
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: x-requested-with, content-type, origin,
authorization, accept, client-security-token, basic, origin
Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT
Access-Control-Allow-Origin: https://examvple.callingdomain.com

Request header
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: it-IT,it;q=0.9,en-US;q=0.8,en;q=0.7
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: GET
Connection: keep-alive
Host: cloud.domain.com
Origin: https://examvple.callingdomain.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36

*Server detail*

Ubuntu 16.0.4
Apache 2.4.18

Any suggestion is welcome.

Thank you.
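
Added example, not part of the original message: a check that runs the OPTIONS exchange captured above through the conditions a browser applies to a preflight response. The function name checkPreflight and the {status, headers} object shape are assumptions made for this sketch; it shows that the Access-Control-* headers in the capture already pass and the 401 status is the one failing condition.

```javascript
// Added example. checkPreflight() and the {status, headers} shape are names
// chosen for this sketch; header names are expected in lower case.
const SAFELISTED_METHODS = new Set(["get", "head", "post"]);
const list = (v) => (v || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);

function checkPreflight(req, res, withCredentials) {
  const problems = [];
  // Browsers send the preflight without credentials and require a 2xx answer.
  if (res.status < 200 || res.status > 299) problems.push(`status ${res.status} is not 2xx`);

  const allowOrigin = res.headers["access-control-allow-origin"];
  const wildcardOk = !withCredentials; // "*" is taken literally on credentialed requests
  if (!(allowOrigin === req.headers["origin"] || (wildcardOk && allowOrigin === "*")))
    problems.push("Access-Control-Allow-Origin does not match Origin");
  if (withCredentials && res.headers["access-control-allow-credentials"] !== "true")
    problems.push("Access-Control-Allow-Credentials is not true");

  const method = (req.headers["access-control-request-method"] || "").toLowerCase();
  const methods = list(res.headers["access-control-allow-methods"]);
  if (!SAFELISTED_METHODS.has(method) && !methods.includes(method) &&
      !(wildcardOk && methods.includes("*")))
    problems.push(`method ${method} not allowed`);

  const allowed = list(res.headers["access-control-allow-headers"]);
  for (const name of list(req.headers["access-control-request-headers"])) {
    // Authorization must always be listed by name; "*" never covers it.
    const viaWildcard = wildcardOk && allowed.includes("*") && name !== "authorization";
    if (!allowed.includes(name) && !viaWildcard) problems.push(`header ${name} not allowed`);
  }
  return problems;
}

// The OPTIONS exchange captured in the message above.
const request = { headers: {
  "origin": "https://examvple.callingdomain.com",
  "access-control-request-method": "GET",
  "access-control-request-headers": "authorization,content-type",
} };
const response = { status: 401, headers: {
  "access-control-allow-origin": "https://examvple.callingdomain.com",
  "access-control-allow-credentials": "true",
  "access-control-allow-methods": "POST, GET, OPTIONS, DELETE, PUT",
  "access-control-allow-headers": "x-requested-with, content-type, origin, authorization, accept, client-security-token, basic, origin",
} };

console.log(checkPreflight(request, response, true));
// Constructed variant: same headers, preflight answered without authentication.
console.log(checkPreflight(request, { ...response, status: 200 }, true));
```

The preflight carries no Authorization header, so the 2xx answer has to come from a path that does not require authentication for OPTIONS.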
