Hi, I am doing some testing with Apache (2.4.29, which I just happen to have), testing some edge CORS-type scenarios. I have 2 machines. On the 1st machine, I have an HTML page that has javascript/XHR to the 2nd Apache (which has an FQDN with a different DNS root domain). I load the page into the browser on the 1st machine from the filesystem (which will cause the XHR request to the Apache on the 2nd machine to have "Origin: null"), and I have an htdocs/corstest/index.html on the Apache on the 2nd machine, and the request coming into that Apache has an "Origin: null" HTTP header (I have mod_log_forensic installed so I can see the request), and the test case I want to implement is to somehow strip that HTTP header out from the request before Apache processes the request. I have tried: <Location /corstest> RequestHeader unset Origin early (both with, and without, the "early") Header set Access-Control-Allow-Origin "http://charlieeastweb04.sbx.gxaws.com:7777"; </Location> but the "RequestHeader" directive doesn't seem to be doing anything (the Apache still seems to see the "Origin: null" header: - I still see the "Origin: null" in the forensic log - In the browser debugger, I still see: "Access to XMLHttpRequest at 'http://fakecors.whatever.com:7777/corstest/index.html' from origin 'null' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'http://xxx.yyyy:7777' that is not equal to the supplied origin." Is there some way to accomplish what I am trying to do (strip the Origin header out from the request)? Thanks, Jim --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|