Last active
January 31, 2019 11:09
-
-
Save revolunet/6295643 to your computer and use it in GitHub Desktop.
global enable CORS without touching code
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# with AJAX withCredentials=false (cookies NOT sent) | |
Header always set Access-Control-Allow-Origin "*" | |
Header always set Access-Control-Allow-Methods "POST, GET, PUT, OPTIONS, PATCH, DELETE" | |
Header always set Access-Control-Allow-Headers "X-Accept-Charset,X-Accept,Content-Type" | |
RewriteEngine On | |
RewriteCond %{REQUEST_METHOD} OPTIONS | |
RewriteRule ^(.*)$ $1 [R=200,L,E=HTTP_ORIGIN:%{HTTP:ORIGIN}]] | |
# with AJAX withCredentials=true (cookies sent, SSL allowed...) | |
SetEnvIfNoCase ORIGIN (.*) ORIGIN=$1 | |
Header always set Access-Control-Allow-Methods "POST, GET, PUT, OPTIONS, PATCH, DELETE" | |
Header always set Access-Control-Allow-Origin "%{ORIGIN}" | |
Header always set Access-Control-Allow-Credentials "true" | |
Header always set Access-Control-Allow-Headers "X-Accept-Charset,X-Accept,Content-Type" | |
RewriteEngine On | |
RewriteCond %{REQUEST_METHOD} OPTIONS | |
RewriteRule ^(.*)$ $1 [R=200,L,E=HTTP_ORIGIN:%{HTTP:ORIGIN}] |
Thanks a lot. 👍 I spend almost a day to get this.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
"%{ORIGIN}"
should be"%{ORIGIN}e"
otherwise Apache will not understand it