Questions tagged [cors]

Cross-Origin Resource Sharing (CORS) is a specification that enables open access across domain boundaries.

A mechanism to enable client-side cross-origin requests. Specifications that enable an API to make cross-origin requests to resources can use the algorithms defined by this specification. If such an API is used on http://example.org resources, a resource on http://hello-world.example can opt in using the mechanism described by this specification (e.g., specifying Access-Control-Allow-Origin: http://example.org as response header), which would allow that resource to be fetched cross-origin from http://example.org.

http://www.w3.org/TR/cors/

140 questions
1 vote, 1 answer

CloudFront drops Access-Control-Expose-Headers header when Accept-Encoding is set

I am trying to get CloudFront to serve a gzipped text file along with Content-Length: and Access-Control-Expose-Headers: Content-Length headers so I can display the download progress when using fetch(). The setup I have is: Pre-compress the…
1 vote, 0 answers

Path specific load-balancing over multiple AWS Beanstalk applications

I currently have two AWS beanstalk applications: One for my web app server (web_beanstalk_env) and one for my api (api_beanstalk_env). They are currently routed through Route 53 as api.example.com => api_beanstalk_env and example.com =>…
1 vote, 0 answers

CORS set to allow all but preflight still fails

I am using Istio in Google Kubernetes Engine with Istio. I've added a CORS policy to my virtual service that allows all origins. It looks like this: - match: - port: 443 route: - destination: host: rev79-api-service …
Toby 1 Kenobi
1 vote, 1 answer

Enable CORS for GKE Kubernetes API

I have a Kubernetes Engine cluster set up in Google Cloud Platform and it's working wonderfully. I can query the Kubernetes API itself to get info on Kubernetes objects, using the IP-based URL of the Kubernetes Master seen when running kubectl…
1 vote, 1 answer

I want to add Apache Alias for api (Different users)

First of all, I'm a beginner on these issues, sorry for this :) Actually I am a software developer. I have a project. Many domains connect to the REST API domain, and all the domains are located on the same server. I want to remove CORS control from API requests. When…
okancelik
1 vote, 1 answer

IIS10 Cors Module Configuration to Allow Cors

I'm having an issue allowing CORS requests on IIS v10 with a 2016 Windows Azure server. I downloaded and installed the IIS CORS module that is supposed to help take care of this, but I can't seem to get it to work. I keep getting a 405 method…
RTDev123
1 vote, 2 answers

webDAV and CORS

I see some strange behavior on my web server. I am trying to get KeeWeb to accept a file from a WebDAV share on a different server. If I want to add a WebDAV file which is entered in the form of: https://FQDN:8443/webdav/file.kdbx I see the following…
embedded
1 vote, 0 answers

best practice for Single-Page Applications to access API's to avoid CORS across domains

Here is the setup: having an onpage app living on example.com which should access the API on the domain api.example.com via AJAX. Due to the CORS restriction I cannot access the API directly with AJAX; what is the best practice for this solution? My…
fluxsaas
1 vote, 1 answer

IIS6 Allowing CORS without Access-Control-Allow-Origin

I don't understand what is going on here. I've got two IIS6 Sites running on the same server. One is www.example1.com and the other is www.example2.com When looking at the HTTP Headers in Google Chrome, I do not see any Access-Control-Allow-*…
S. Walker
1 vote, 2 answers

How to add both CORS headers and Browser expired header in same conf

I need to add both expires headers AND allow CORS in nginx. If I add location ~* \.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf|x-html|css|xml|js|woff|woff2|ttf|svg|eot)$ { expires 30d;} then the expired headers work fine. If I add location ~*…
1 vote, 1 answer

Changing to env:flex in app.yaml introduces a redirect

After receiving an email from google reporting that the vm: true configuration in appengine flexible environments should be replaced by env: flex, apps that use custom domains are now responding with a HTTP 307 temporary redirect, which points to…
1 vote, 0 answers

htaccess require host domain not working correctly

I have a folder full of folders with JSON files. I want to restrict AJAX requests to these files to certain domains. I made an htaccess file to restrict this but it isn't working. My htaccess is as follows:
abetwothree
1 vote, 2 answers

Allowing all headers in CORS

I want to configure my Apache 2.4 to serve some static resources in a CORS-friendly way. I already have the following setting: Header always set Access-Control-Allow-Origin "*" However, for recent Safari this appears to not be enough: [Error]…
MvG
1 vote, 0 answers

nginx: CORS headers are not added for OPTIONS request

Consider this minimal nginx server configuration server: { listen 80; server_name myserver; location / { add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS'; if…
muffel
1 vote, 1 answer

Fix headers in nginx with CORS and http/2

I have been working on my nginx config for a while now but somehow I seem to have a mixup with my headers. I got http/2 running with nginx 1.9.12 on ubuntu 14.04 and am getting a solid A rating. However even though I got most of the header…
Dominik