Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [cors]

Cross-Origin Resource Sharing (CORS) is a specification that enables open access across domain-boundaries

A mechanism to enable client-side cross-origin requests. Specifications that enable an API to make cross-origin requests to resources can use the algorithms defined by this specification. If such an API is used on http://example.org resources, a resource on http://hello-world.example can opt in using the mechanism described by this specification (e.g., specifying Access-Control-Allow-Origin: http://example.org as response header), which would allow that resource to be fetched cross-origin from http://example.org.

http://www.w3.org/TR/cors/

140 questions
2
votes
0 answers

How can I set Access-Control-Allow-Origin for multiple domains in apache2?

I have created an app in React with its backend in Python Django. I hosted the React app in Heroku and the Django app in AWS (apache2). I have faced a problem with CORS. I added the following configurations settings in my apache2 config…
Ferose
  • 131
  • 3
2
votes
0 answers

CORS not works on Nginx

I need my application work with backend API on other domain. I use nginx 1.12.1 on Ubuntu 16.04. I added to my host config following (to the location ~ .php$ section): add_header 'Access-Control-Allow-Origin' '*'; add_header…
atom-22
  • 121
  • 2
2
votes
1 answer

htaccess conditional header set is ignoring the condition

I'm trying to set headers if the origin is a particular site to solve a resource conflict I'm having (using Mautic hosted on a subdomain). If I add the headers for any situation I get a 500 error when I try to use Mautic, but the resource being…
Elenchus
  • 121
  • 4
2
votes
0 answers

Apache 2 responding with 301 redirect on OPTIONS request

I'm trying to get my Angular 2 application running and everything is going relatively smoothly until I hit the API for some data. Apache is responding with a 301 redirect when Angular's http module does that OPTIONS request, see…
The Maniac
  • 121
  • 3
2
votes
1 answer

Zimbra and cross-origin framing

Let's say that I have a Zimbra webmail accessible at https://mail.example.com. I also have a web app at https://app.example.com. On one of the app's pages I am trying to embed the webmail: However,…
bpiec
  • 135
  • 6
2
votes
1 answer

How to add CORS headers to several locations in nginx?

I have been able to add a basic CORS support to my nginx server using the code provided in enable-cors.org. However this solution implies to copy and paste that code in every location block, and I have several locations like the following: location…
Pablo Lozano
  • 125
  • 7
2
votes
1 answer

nginx CORS on proxy pass: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource

I am moving my APIs from a subdomain to another without affecting already running applications. I have three servers configured on nginx such as: Original API server: server { listen 80; server_name example.com; root …
zed
  • 222
  • 1
  • 3
  • 12
2
votes
1 answer

CORS header set correctly in CURL but does not get set in when loading the page from a browser

I have a website which uses font-awesome and I want to use cloudfront as the CDN(my website runs on apache). I have enabled cors in the conf file for this site. Here is the conf file for my site: ServerAdmin…
The Flying Dutchman
  • 121
  • 5
2
votes
0 answers

Error: No 'Access-Control-Allow-Origin' header is present on the requested resource. (NGINX)

I am using NGINX and I am receiving that error in the browser's console. I am so frustrated. According to my boss, I need to set up cors which what I did and still I am getting the same error. This is the full error OPTIONS…
Reacting
  • 223
  • 1
  • 3
  • 8
2
votes
1 answer

Angular CORS with Nginx

Several questions for the same topic on the net but nothing worked. I have a serverXYZ running an Angular app, a backend tomcat webapp for authentication, a nginx server. Angular app on port 4200, tomcat app on 8080. Everything is on the same…
glass
  • 25
  • 1
  • 4
2
votes
2 answers

CORS blocked by No "Access-Control-Allow-Origin" on dockerized Angular frontend app and Spring Boot dockerized backend

I have built an Angular app and created a docker image, which makes it run on an Nginx server (once it is run). For the backend, I have a dockerized implementation as well. While trying to access the data from the backend, I face the error with…
Leo
  • 21
  • 1
  • 3
1
vote
0 answers

Nginx doesn't forward the OPTIONS request to application

I have an Nginx server and a PHP application running in PHP-FPM. The application is restful API. The problem is I get OPTIONS request which the application understands and supports, but the server blocks the request which never gets to the…
Josef Sábl
  • 111
  • 1
  • 4
1
vote
0 answers

nginx not setting Vary header successfully

I have gzip_vary on; I also have (inside a server section): add_header Vary Origin; Yet when I inspect headers sent, the Vary header only includes Accept-Encoding; if I remove the gzip_vary on; line then there is no Vary header emitted at all. I'm…
artfulrobot
  • 2,627
  • 11
  • 30
  • 56
1
vote
0 answers

Should I avoid CORS when building an SPA with backend API hosted on the same server?

I've stumbled upon this question and had the thought that my application should not require CORS, since it is hosted on the same server (a raspberry pi). However, since CORS is a security "feature" I'm also not sure if avoiding it would even be good…
HackXIt
  • 21
  • 1
  • 7
1
vote
2 answers

Digital Ocean Spaces S3: Is it possible to add access-control-allow-origin: * to all requests?

If you curl my image curl -i https://local-spaces.fra1.digitaloceanspaces.com/test.jpg you will see that there is no Access-Control-Allow-Origin header in the response. If you curl like this, the header is set: curl -H "Origin:…
Philipp Mochine
  • 155
  • 1
  • 10
1 2
3
9 10