How to configure Apache to handle OPTIONS request without invoking script

Question

We built a RESTful server with CORS enabled which means it will be getting OPTIONS requests from the clients. We would like to have the webserver handle these, not our downstream REST-server. How can we configure Apache to handle these request without invoking any external scripts?

In NGINX it is something like this:

   if ($request_method = OPTIONS ) {
        add_header Access-Control-Allow-Origin "*";
        add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
        add_header Access-Control-Allow-Headers "ACCEPT, ORIGIN, X-REQUESTED-WITH, CONTENT-TYPE, AUTHORIZATION";
        add_header Access-Control-Allow-Credentials "true";
        add_header Content-Length 0;
        add_header Content-Type text/plain;
        return 200;
   }

But we can't find a similar mechanism in Apache. [edit] The trick is not to set the headers, thats obvious in Apache, but to return '200' from the request without invoking any external script. [/edit]

Need it for our local dev-servers which don't run NGINX. Thanks!

Were you able to solve this? If yes please share it with all of us. — Rahul Prasad, Oct 15 '14 at 07:57
i can't think of a way to generate a response in apache. But you could rewrite the OPTIONS request to a file to achieve the same result? — oberhamsi, May 18 '15 at 06:13
I had to setup this for NGINX, but your question gave me most of the needed info :D ... thanks :) — pesho hristov, Mar 09 '18 at 09:52

score 1 · Answer 1 · answered Aug 15 '13 at 13:24

1

For setting those headers in Apache httpd, have a look at the mod_headers. Here is an example (found after some quick googling) that appears to do what you're looking for: http://saulalbert.net/blog/access-control-allow-origin-xmlhttprequest-day-what-fun/

On a side note, since your setup appears to be using NGINX in higher environments, it would be wise to use to NGINX for local dev servers as well, if possible.

answered Aug 15 '13 at 13:24

KM.

1,746
2
18
31

You're absolutely right, but this is for the servers running on our personal Macbooks, for demo and dev purposes. At the moment we generate the header from the REST-server code, but this is even more undesirable then not running NGINX ;) I know how to set headers for Apache, but I can't find anywhere how to have Apache handle the complete request on its own. Then our REST servers need to be aware of OPTIONS requests at all. – Patrick Savalle Aug 15 '13 at 14:15
I looked into the solution you gave, but the part where Apache return without calling any script is missing. The crucial part :) For completeness I would like to mention that for the real requests, you only need the 'Access-Control-Allow-Origin "*";' header, not the others. They are only used by the OPTIONS preflight request. – Patrick Savalle Aug 15 '13 at 14:17
Ah, I see. My understanding is that this *should* just work. If it doesn't, have a look at your apache confs to see if there are any limits on `OPTIONS`. Have a look at this discussion for some pointers: http://stackoverflow.com/questions/13581106/how-to-configure-apache-to-let-php-handle-options-http-requests – KM. Aug 17 '13 at 14:04

How to configure Apache to handle OPTIONS request without invoking script

1 Answers1