9

I have Apache 2.2.29 (unix) setup and running on my new dev machine (mac). I am trying to set CORS headers for an API project - something that I have done many times.

The htaccess file for the project looks like this:

<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
    Header set Access-Control-Allow-Methods "POST, GET, PUT, OPTIONS, PATCH, DELETE" 
    Header set Access-Control-Allow-Headers "X-Accept-Charset,X-Accept,Content-Type"
    ServerSignature Off
</IfModule>
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /cms/public
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} !^/(favicon\.ico|apple-touch-icon.*\.png)$ [NC]
    RewriteRule (.+) index.php?p=$1 [QSA,L]
</IfModule>

and the headers module is loaded in my conf:

LoadModule headers_module libexec/mod_headers.so

The module file exisits in the location shown in the apache conf and is it loaded OK:

dan$ httpd -M

Loaded Modules:
 core_module (static)
 mpm_event_module (static)
 http_module (static)
 so_module (static)
 authn_file_module (shared)
 authn_dbm_module (shared)
 authn_anon_module (shared)
 ...
 headers_module (shared)

I have also checked the conf override settings in my main conf and the included vhosts conf:

<Directory "/Users/dan/Sites">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Allow from all
    </IfModule>
</Directory>

However, headers aren't being set as expected. Heres the response headers when making a request to an API project using the above htaccess file:

HTTP/1.1 200 OK
Date: Wed, 22 Jul 2015 10:36:05 GMT
Server: Apache/2.2.29 (Unix) DAV/2 mod_fastcgi/2.4.6 mod_ssl/2.2.29 OpenSSL/1.0.2c
Expires: Wed, 15 Jul 2015 10:36:05 GMT
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8

I have tested the application setup in other apache environments and it is working as expected...so it's definitely something to do with my setup. It's driving me crazy!

Any thoughts? Dan

Dan Lake
  • 91
  • 1
  • 1
  • 4
  • Did you ever solve this? As I'm having the identical issue on my osx setup. – owenmelbz May 16 '16 at 11:02
  • No, unfortunately not. My setup was a hand cranked Apache, PHP, MySQL install using homebrew and trying to fix it nearly drove me to insanity! In the end I gave up and installed MAMP. Completely unsatisfying solution but it got around the problem for me. – Dan Lake May 19 '16 at 08:23

2 Answers2

1

For all who still have this problem: for me it helped to change allowOverride None to allowOverride All in the httpd.conf file

Jenny D
  • 27,358
  • 21
  • 74
  • 110
wolfi
  • 11
  • 1
0

If you're still interested in solving the issue I have some suggestions. The basic idea of the configuration is fine, I tested it on a simple setup and the headers were set correctly.

This means the issue is probably to do with the htaccess file and the servers ability to use it. I would first try putting "rubbish" into the htaccess file (anything that is not valid Apache configuration). If the htaccess file is being read correctly all requests that cause the file to be read will generate a 500 Internal Server Error.

Next run apachectl -S and check the output, put it in your question if you are unsure. You need to make sure that the request maps to the <Directory> block in your question. I'm afraid there is little you can do except search through your configuration files. While you do this make sure AllowOverride is not overridden somewhere.

Also you are using mod_fastcgi, so depending on your configuration, the request may not be mapping to a directory on the file system at all, which is required for the htaccess file to be read.

Unbeliever
  • 2,286
  • 1
  • 9
  • 17