[prev in list] [next in list] [prev in thread] [next in thread]
List: apache-httpd-users
Subject: [users@httpd] CORS configuration with Apache server
From: Louis Valm?ras <valmlouis () hotmail ! com>
Date: 2016-11-25 2:10:35
Message-ID: YQXPR01MB0088106A325C20750CA89628B5890 () YQXPR01MB0088 ! CANPRD01 ! PROD ! OUTLOOK ! COM
[Download RAW message or body]
I am using Apache 2.4 for Windows, with Windows 10.
I have configured a reverse proxy with the Apache server.
My web application works behind the Apache reverse proxy.
I am trying to use my web application ('http://192.168.1.2:20100) to copy a jpeg \
picture from another website which unfortunately has no CORS configuration \
('http://192.168.1.103:80). I have no access to change it. The schematic is to have \
my web application send a request to the Apache server. The Apache server copy the \
jpeg image from the website. Then the picture is sent back to my web application by \
the Apache server.
Below is the configuration on the Apache server to enable CORS:
Listen 192.168.1.2:8080
<FilesMatch "\.(gif|ico|jpe?g|png)$">
Header always set Access-Control-Allow-Origin: http://192.168.1.2
Header always set Access-Control-Allow-Credentials: true
Header always set Access-Control-Max-Age: 86400
Header always set Access-Control-Allow-Headers \
"X-Requested-With,Origin,Authorization,X-Accept-Charset,X-Accept,Content-Type" \
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS"
Header always set Access-Control-Request-Headers \
"X-Requested-With,Origin,Authorization,X-Accept-Charset,X-Accept,Content-Type" \
RewriteEngine On RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L,E=HTTP_ORIGIN:%{HTTP:ORIGIN}]]
</FilesMatch>
This configuration is in the Apache httpd.conf file.
When I run my web application, I am getting the error message below:
Access to Image at 'http://192.168.1.103:80' from origin 'http://192.168.1.103:80'
has been blocked by CORS policy: No 'Access-Control-Allow-Origin'
header is present on the requested resource. Origin 'http://192.168.1.2:8080' is \
therefore not allowed access.
So, I think the problem is that the Apache server transmits the CORS request, from my \
web application, to the target website which cannot accept it. So the CORS request \
from my web application must not be transmitted to the target website by the Apache \
server. So, how can I configure the Apache server so that it will receive and accept \
the CORS from my web application but will submit a normal request (without CORS) to \
the target website?
[Attachment #3 (text/html)]
<html xmlns:v="urn:schemas-microsoft-com:vml" \
xmlns:o="urn:schemas-microsoft-com:office:office" \
xmlns:w="urn:schemas-microsoft-com:office:word" \
xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" \
xmlns="http://www.w3.org/TR/REC-html40"> <head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-CA" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">I am using Apache 2.4 for Windows, with Windows \
10.<o:p></o:p></p> <p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I have configured a reverse proxy with the Apache \
server.<o:p></o:p></p> <p class="MsoNormal">My web application works behind the \
Apache reverse proxy.<o:p></o:p></p> <p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I am trying to use my web application \
('http://192.168.1.2:20100) to copy a jpeg picture from another website which \
unfortunately has no CORS configuration ('http://192.168.1.103:80). I have no access \
to change it.<o:p></o:p></p> <p class="MsoNormal">The schematic is to have my web \
application send a request to the Apache server. The Apache server copy the jpeg \
image from the website. Then the picture is sent back to my web application by the \
Apache server.<o:p></o:p></p> <p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Below is the configuration on the Apache server to enable \
CORS:<o:p></o:p></p> <p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Listen \
192.168.1.2:8080</span><o:p></o:p></p> <p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="text-autospace:none"><span \
style="font-family:"Courier New""><FilesMatch \
"\.(gif|ico|jpe?g|png)$"><o:p></o:p></span></p> <p class="MsoNormal" \
style="text-autospace:none"><span style="font-family:"Courier \
New""> Header always set Access-Control-Allow-Origin: \
http://192.168.1.2<o:p></o:p></span></p> <p class="MsoNormal" \
style="text-autospace:none"><span style="font-family:"Courier \
New""> Header always set \
Access-Control-Allow-Credentials: true<o:p></o:p></span></p> <p class="MsoNormal" \
style="text-autospace:none"><span style="font-family:"Courier \
New""> Header always set Access-Control-Max-Age: \
86400<o:p></o:p></span></p> <p class="MsoNormal" style="text-autospace:none"><span \
style="font-family:"Courier New""> Header always \
set Access-Control-Allow-Headers \
"X-Requested-With,Origin,Authorization,X-Accept-Charset,X-Accept,Content-Type"<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span \
style="font-family:"Courier New""> Header always \
set Access-Control-Allow-Methods "POST, GET, OPTIONS"<o:p></o:p></span></p> \
<p class="MsoNormal" style="text-autospace:none"><span \
style="font-family:"Courier New""> Header always \
set Access-Control-Request-Headers \
"X-Requested-With,Origin,Authorization,X-Accept-Charset,X-Accept,Content-Type"<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span \
style="font-family:"Courier New""> RewriteEngine \
On<o:p></o:p></span></p> <p class="MsoNormal" style="text-autospace:none"><span \
style="font-family:"Courier New""> RewriteCond \
%{REQUEST_METHOD} OPTIONS<o:p></o:p></span></p> <p class="MsoNormal" \
style="text-autospace:none"><span style="font-family:"Courier \
New""> RewriteRule ^(.*)$ $1 \
[R=200,L,E=HTTP_ORIGIN:%{HTTP:ORIGIN}]]<o:p></o:p></span></p> <p class="MsoNormal" \
style="text-autospace:none"><span style="font-family:"Courier \
New""></FilesMatch><o:p></o:p></span></p> <p \
class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">This configuration is in \
the Apache httpd.conf file.<o:p></o:p></p> <p class="MsoNormal">When I run my web \
application, I am getting the error message below:<o:p></o:p></p> <p \
class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal"><i>Access to Image at \
'http://192.168.1.103:80' from origin 'http://192.168.1.103:80' <o:p></o:p></i></p>
<p class="MsoNormal"><i>has been blocked by CORS policy: No \
'Access-Control-Allow-Origin' <o:p></o:p></i></p>
<p class="MsoNormal"><i>header is present on the requested resource. Origin \
'http://192.168.1.2:8080' is therefore not allowed access.<o:p></o:p></i></p> <p \
class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">So, I think the problem \
is that the Apache server transmits the CORS request, from my web application, to the \
target website which cannot accept it. So the CORS request from my web application \
must not be transmitted to the target website by the Apache server.<o:p></o:p></p>
<p class="MsoNormal">So, how can I configure the Apache server so that it will \
receive and accept the CORS from my web application but will submit a normal request \
(without CORS) to the target website?<o:p></o:p></p> <p \
class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic