4

We built a RESTful server with CORS enabled, which means it will be getting OPTIONS requests from the clients. We would like to have the webserver handle these, not our downstream REST-server. How can we configure Apache to handle these requests without invoking any external scripts?

In NGINX it is something like this:

    if ($request_method = OPTIONS ) {
        add_header Access-Control-Allow-Origin "*";
        add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
        add_header Access-Control-Allow-Headers "ACCEPT, ORIGIN, X-REQUESTED-WITH, CONTENT-TYPE, AUTHORIZATION";
        add_header Access-Control-Allow-Credentials "true";
        add_header Content-Length 0;
        add_header Content-Type text/plain;
        return 200;
    }

But we can't find a similar mechanism in Apache. [edit] The trick is not to set the headers, that's obvious in Apache, but to return '200' from the request without invoking any external script. [/edit]

Need it for our local dev-servers which don't run NGINX. Thanks!

3
  • Were you able to solve this? If yes please share it with all of us. Commented Oct 15, 2014 at 7:57
  • I can't think of a way to generate a response in Apache. But you could rewrite the OPTIONS request to a file to achieve the same result? Commented May 18, 2015 at 6:13
  • I had to set this up for NGINX, but your question gave me most of the needed info :D ... thanks :) Commented Mar 9, 2018 at 9:52

1 Answer

1

For setting those headers in Apache httpd, have a look at mod_headers. Here is an example (found after some quick googling) that appears to do what you're looking for: http://saulalbert.net/blog/access-control-allow-origin-xmlhttprequest-day-what-fun/

On a side note, since your setup appears to be using NGINX in higher environments, it would be wise to use NGINX for local dev servers as well, if possible.

3
  • You're absolutely right, but this is for the servers running on our personal MacBooks, for demo and dev purposes. At the moment we generate the header from the REST-server code, but this is even more undesirable than not running NGINX ;) I know how to set headers for Apache, but I can't find anywhere how to have Apache handle the complete request on its own. Then our REST servers need to be aware of OPTIONS requests at all. Commented Aug 15, 2013 at 14:15
  • I looked into the solution you gave, but the part where Apache returns without calling any script is missing. The crucial part :) For completeness I would like to mention that for the real requests, you only need the 'Access-Control-Allow-Origin "*";' header, not the others. They are only used by the OPTIONS preflight request. Commented Aug 15, 2013 at 14:17
  • Ah, I see. My understanding is that this should just work. If it doesn't, have a look at your Apache confs to see if there are any limits on OPTIONS. Have a look at this discussion for some pointers: stackoverflow.com/questions/13581106/… Commented Aug 17, 2013 at 14:04
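
One way to have Apache answer the preflight itself, as an added example that is not from the question, the answer or the linked blog post: mod_rewrite ends OPTIONS requests with a 2xx status and mod_headers attaches the CORS headers with `always` so they reach that server-generated response. The origin `http://localhost:3000` and the variable name `CORS_ORIGIN` are assumptions; an explicit origin is echoed instead of `*` because browsers reject a wildcard `Access-Control-Allow-Origin` on credentialed requests.

```apache
# Added example. Requires mod_setenvif, mod_headers and mod_rewrite.
# Place in the server or <VirtualHost> context that fronts the REST server.
# Assumed values: the allowed origin and the CORS_ORIGIN variable name.

# Weak form, as in the NGINX snippet: any origin, combined with credentials.
# Browsers refuse this pair for credentialed requests.
#   Header always set Access-Control-Allow-Origin "*"
#   Header always set Access-Control-Allow-Credentials "true"

# Corrected form: echo the Origin back only when it is on the allow-list.
# $0 is the full regex match, so CORS_ORIGIN holds the exact allowed origin.
SetEnvIf Origin "^http://localhost:3000$" CORS_ORIGIN=$0

# "always" also covers responses Apache generates itself (the rewrite below),
# not only successful responses from the backend.
Header always set Access-Control-Allow-Origin "%{CORS_ORIGIN}e" env=CORS_ORIGIN
Header always set Access-Control-Allow-Credentials "true" env=CORS_ORIGIN
Header always set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" env=CORS_ORIGIN
Header always set Access-Control-Allow-Headers "ACCEPT, ORIGIN, X-REQUESTED-WITH, CONTENT-TYPE, AUTHORIZATION" env=CORS_ORIGIN

# The response differs per Origin, so caches must key on it.
Header always merge Vary "Origin"

# Answer every OPTIONS request here; no script or backend is invoked.
# A status outside 300-399 on the R flag drops the substitution and stops
# rewriting, so Apache returns the status directly. Any 2xx satisfies the
# preflight check; use R=200 to mirror "return 200" from the NGINX snippet.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} =OPTIONS
RewriteRule ^ - [R=204,L]
```

A preflight from an origin that is not on the allow-list still gets the 2xx status but no `Access-Control-Allow-*` headers, so the browser blocks the actual request.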
