8

In order to set up a proper test suite for CORS (cross-domain requests) I need to be able to handle the HTTP OPTIONS method directly from script. I therefore have a simple PHP script that detects the OPTIONS method, and reacts accordingly by outputting some specific headers.

The PHP side is not a problem. If I use curl to issue GET/POST/HEAD/PUT/etc. requests they all go to the script and it clearly handles them fine. If I issue an OPTIONS request however, it never reaches the script: Apache immediately replies listing a set of methods that it believes to be appropriate for this resource. I can tell that the script isn't run (no logging, none of its output makes it to the response, etc.).

I've been going through the Apache configuration, have made sure no applicable .htaccess is in the way, I've tweaked a bunch of things such as Limit/LimitExcept directives, but I can't get it to change its behaviour. I've also tried to find information on a technique from my youth that could have helped here: NPH (non-parsed headers) scripts; but apparently that has now disappeared (at least, I can't find any recent information about it that works).

So the question is: how do I tweak Apache's configuration so that it will let my script handle OPTIONS?

Improve this question
2
  • This should just work - so long as you' don't have a LIMIT or have a specific handler enabled for OPTIONS. But a) we'd need to see your .conf file, and secondly this belongs on server fault. Will suggest getting it migrated, but add .conf file in the meantime. Commented Nov 27, 2012 at 10:53
  • I'd have included the .conf, but it's a sprawling configuration that needs to do a lot of things (a lot of configuration variance is required for testing). My next step is to bisect that until it works, but I was hoping for leads before I have to that, as it's not a small undertaking. Commented Nov 27, 2012 at 11:12

1 Answer 1

Reset to default
3

I just tested my own PHP (5.3, Apache 2.2) and it still works (as it has for a while). OPTIONS get sent through, and appeared in the $_SERVER array as you'd expect

The goal should be to turn the settings back to default (which should work) then build your conf back up with the other options you need.

Otherwise, without seeing the .conf file, we're flying blind - so here are some things to look for.

  1. Limit directives. You said you checked there, but just to debug, remove all references. Include any in vhosts as well as directories can be individually changed.
  2. Same for LimitExcept (you said you tried - just remove them all)
  3. Check both .conf and .htaccess for any redirects or other conditions based on RequestHeader or REQUESTHEADER (do search and analyse)
  4. [I've also read something just now about checking for THE_REQUEST but never heard that one before. Worth checking too?]
  5. Finally, check you don't have a specific handler specified for OPTIONS, i.e. Script OPTIONS /cgi-bin/optionshandler and that your PHP handler is likewise specified to only handle GET and POST. Again remember vhosts and directories and .htaccess can be individually changed so check them all.

That's all I can think of. Otherwise, as I suggested, start from scratch (it works) and build up everything else until it doesn't work.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

An ancient post, but it's the most informative one that I found when researching a recent problem. In the end, my problem was that I was running libapache2-mod-php5filter, rather than mod-php5. (No idea why, I installed that a long time ago). The php5filter doesn't pass OPTIONS on to PHP. Switching to mod-php5 fixed the problem for me.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.