CORS (Cross Origin Resource Sharing) server side configuration

Good morning, I'm looking for documentation about setting CORS headers in Apache.
The problem is that I need to handle a CORS request and be sure I set all the necessary headers in Apache.
Right now I get error 401.
Most of all, I can't find good server-side documentation on how to handle CORS requests!
Could you please post a link if that documentation exists?
This is the most complete topic I found but it sounds alchemic.
Ok, here we go with details:

This is the ajax CORS request:

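var xhr = new XMLHttpRequest();
// Credentialed cross-origin request
xhr.withCredentials = true;
xhr.open("GET", "https://cloud.domain.com/remote.php/webdav/path/to/my/file/file.7z");
console.log('open x');
// Both headers below are non-safelisted, so the browser sends an OPTIONS preflight first
xhr.setRequestHeader("content-type", "application/txt");
xhr.setRequestHeader("authorization", "Basic 3j893njd83jneu32");
// Dispatch the request
xhr.send();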

The Apache server configuration related to CORS is this:

<VirtualHost *:443>
Header set Access-Control-Allow-Origin 'https://examvple.callingdomain.com'
Header set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header set Access-Control-Allow-Credentials "true"
Header set Access-Control-Allow-Headers "x-requested-with, content-type, origin, authorization, accept, client-security-token, basic, origin"
...
</VirtualHost>
(Notice I added 'basic, origin' but I don't know if they are valid headers.
Nothing changes if I remove them.)

After sending the request, in the browser console I get the error:

Failed to load https://cloud.domain.com/remote.php/webdav/path/to/my/file/file.7z: Response for preflight has invalid HTTP status code 401.

Here are more client side details:

Response
<?xml version="1.0" encoding="utf-8"?>
<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns">
  <s:exception>Sabre\DAV\Exception\NotAuthenticated</s:exception>
  <s:message>No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured</s:message>
</d:error>

General
Request URL: https://cloud.domain.com/remote.php/webdav/path/to/my/file/file.7z z
Request Method: OPTIONS
Status Code: 401 Unauthorized
Remote Address: 192.168.253.37:443
Referrer Policy: no-referrer-when-downgrade

Response header
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: x-requested-with, content-type, origin, authorization, accept, client-security-token, basic, origin
Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT
Access-Control-Allow-Origin: https://examvple.callingdomain.com

Request header
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: it-IT,it;q=0.9,en-US;q=0.8,en;q=0.7
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: GET
Connection: keep-alive
Host: cloud.domain.com
Origin: https://examvple.callingdomain.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36

Server detail

Ubuntu 16.0.4
Apache 2.4.18

Any suggestion is welcome.

Thank you.
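
Added example, not part of the original message: a small JavaScript check that re-evaluates the captured OPTIONS exchange above against the rules a browser applies to a credentialed CORS preflight. The function and variable names are hypothetical, and the sample data is constructed from the headers quoted in the post.

```javascript
// Added example: re-checks a captured preflight exchange the way a browser
// does for a credentialed (withCredentials = true) cross-origin request.
const SAFELISTED_METHODS = ["GET", "HEAD", "POST"];

function splitList(value) {
  return (value || "").split(",").map((s) => s.trim()).filter(Boolean);
}

function checkPreflight(request, response) {
  const problems = [];
  const headers = {};
  for (const [name, value] of Object.entries(response.headers)) {
    headers[name.toLowerCase()] = String(value).trim();
  }
  // The preflight carries no Authorization header or cookies, so the server
  // must answer it with a 2xx status without demanding authentication.
  if (response.status < 200 || response.status > 299) {
    problems.push(`status ${response.status}: preflight needs a 2xx answer`);
  }
  // With credentials the origin must be echoed exactly; "*" is rejected.
  if (headers["access-control-allow-origin"] !== request.origin) {
    problems.push("Access-Control-Allow-Origin does not match the Origin");
  }
  if (headers["access-control-allow-credentials"] !== "true") {
    problems.push('Access-Control-Allow-Credentials is not "true"');
  }
  const methods = splitList(headers["access-control-allow-methods"]);
  if (!SAFELISTED_METHODS.includes(request.method) && !methods.includes(request.method)) {
    problems.push(`method ${request.method} is not allowed`);
  }
  const allowed = splitList(headers["access-control-allow-headers"]).map((s) => s.toLowerCase());
  for (const name of splitList(request.requestHeaders)) {
    if (!allowed.includes(name.toLowerCase())) problems.push(`header ${name} is not allowed`);
  }
  return problems;
}

// Constructed sample: the OPTIONS exchange quoted in the post.
const capturedRequest = { origin: "https://examvple.callingdomain.com", method: "GET", requestHeaders: "authorization,content-type" };
const capturedResponse = { status: 401, headers: {
  "Access-Control-Allow-Credentials": "true",
  "Access-Control-Allow-Headers": "x-requested-with, content-type, origin, authorization, accept, client-security-token, basic, origin",
  "Access-Control-Allow-Methods": "POST, GET, OPTIONS, DELETE, PUT",
  "Access-Control-Allow-Origin": "https://examvple.callingdomain.com",
} };
console.log(checkPreflight(capturedRequest, capturedResponse));
```

On the captured exchange the only finding is the 401 status: the CORS headers themselves pass, and the preflight fails because the backend asks for authentication on an OPTIONS request that browsers always send without credentials.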

