CORS configuration with Apache server

[Louis Valm?ras <valmlouis@xxxxxxxxxxx>]

I am using Apache 2.4 for Windows, with Windows 10.

 

I have configured a reverse proxy with the Apache server.

My web application works behind the Apache reverse proxy.

 

I am trying to use my web application ('http://192.168.1.2:20100) to copy a jpeg picture from another website which unfortunately has no CORS configuration ('http://192.168.1.103:80). I have no access to change it.

The schematic is to have my web application send a request to the Apache server. The Apache server copy the jpeg image from the website. Then the picture is sent back to my web application by the Apache server.

 

Below is the configuration on the Apache server to enable CORS:

 

Listen 192.168.1.2:8080

 

<FilesMatch "\.(gif|ico|jpe?g|png)$">

     Header always set Access-Control-Allow-Origin: http://192.168.1.2

     Header always set Access-Control-Allow-Credentials: true

     Header always set Access-Control-Max-Age: 86400

     Header always set Access-Control-Allow-Headers "X-Requested-With,Origin,Authorization,X-Accept-Charset,X-Accept,Content-Type"

     Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS"

     Header always set Access-Control-Request-Headers "X-Requested-With,Origin,Authorization,X-Accept-Charset,X-Accept,Content-Type"

    RewriteEngine On

     RewriteCond %{REQUEST_METHOD} OPTIONS

     RewriteRule ^(.*)$ $1 [R=200,L,E=HTTP_ORIGIN:%{HTTP:ORIGIN}]]

</FilesMatch>

 

This configuration is in the Apache httpd.conf file.

When I run my web application, I am getting the error message below:

 

Access to Image at 'http://192.168.1.103:80' from origin 'http://192.168.1.103:80'

has been blocked by CORS policy: No 'Access-Control-Allow-Origin'

header is present on the requested resource. Origin 'http://192.168.1.2:8080' is therefore not allowed access.

 

So, I think the problem is that the Apache server transmits the CORS request, from my web application, to the target website which cannot accept it. So the CORS request from my web application must not be transmitted to the target website by the Apache server.

So, how can I configure the Apache server so that it will receive and accept the CORS from my web application but will submit a normal request (without CORS) to the target website?