httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Louis Valm?ras <valmlo...@hotmail.com>
Subject [users@httpd] CORS configuration with Apache server
Date Fri, 25 Nov 2016 02:10:35 GMT
I am using Apache 2.4 for Windows, with Windows 10.

I have configured a reverse proxy with the Apache server.
My web application works behind the Apache reverse proxy.

I am trying to use my web application ('http://192.168.1.2:20100) to copy a jpeg picture from
another website which unfortunately has no CORS configuration ('http://192.168.1.103:80).
I have no access to change it.
The schematic is to have my web application send a request to the Apache server. The Apache
server copy the jpeg image from the website. Then the picture is sent back to my web application
by the Apache server.

Below is the configuration on the Apache server to enable CORS:

Listen 192.168.1.2:8080

<FilesMatch "\.(gif|ico|jpe?g|png)$">
     Header always set Access-Control-Allow-Origin: http://192.168.1.2
     Header always set Access-Control-Allow-Credentials: true
     Header always set Access-Control-Max-Age: 86400
     Header always set Access-Control-Allow-Headers "X-Requested-With,Origin,Authorization,X-Accept-Charset,X-Accept,Content-Type"
     Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS"
     Header always set Access-Control-Request-Headers "X-Requested-With,Origin,Authorization,X-Accept-Charset,X-Accept,Content-Type"
    RewriteEngine On
     RewriteCond %{REQUEST_METHOD} OPTIONS
     RewriteRule ^(.*)$ $1 [R=200,L,E=HTTP_ORIGIN:%{HTTP:ORIGIN}]]
</FilesMatch>

This configuration is in the Apache httpd.conf file.
When I run my web application, I am getting the error message below:

Access to Image at 'http://192.168.1.103:80' from origin 'http://192.168.1.103:80'
has been blocked by CORS policy: No 'Access-Control-Allow-Origin'
header is present on the requested resource. Origin 'http://192.168.1.2:8080' is therefore
not allowed access.

So, I think the problem is that the Apache server transmits the CORS request, from my web
application, to the target website which cannot accept it. So the CORS request from my web
application must not be transmitted to the target website by the Apache server.
So, how can I configure the Apache server so that it will receive and accept the CORS from
my web application but will submit a normal request (without CORS) to the target website?



Mime
View raw message