这是我的配置文件。
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName localhost:80
DocumentRoot /var/www/XXX
<Directory />
Options None
AllowOverride None
Order deny,allow
Deny from all
</Directory>
<Directory /var/www/qvbn-app-web-ctrl>
Options FollowSymLinks
AllowOverride AuthConfig FileInfo
Order allow,deny
Allow from all
Header set Access-Control-Allow-Origin "*"
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
当我尝试重新加载apache2时,iT会给出错误:
Invalid command 'Header', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.
我不知道如何启用CORS。我跟着这个: http://enable-cors.org/server_apache.html
答案 0 :(得分:27)
OS=GNU/Linux Debian
Httpd=Apache/2.4.10
/etc/apache2/apache2.conf中的更改
<Directory /var/www/html>
Order Allow,Deny
Allow from all
AllowOverride all
Header set Access-Control-Allow-Origin "*"
</Directory>
添加/激活模块
a2enmod headers
重启服务
/etc/init.t/apache2 restart
答案 1 :(得分:3)
首先在服务器上启用mod_headers,然后可以在Apache conf和.htaccess中使用header指令。
1)启用mod标头
a2enmod headers
2)在.htaccess文件中配置标头
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
答案 2 :(得分:2)
将以下内容放入网站的.htaccess文件中(在/ var / www / XXX中):
Header set Access-Control-Allow-Origin "*"
而不是.conf文件。
您还想使用
AllowOverride All
在域的.conf文件中,以便Apache查看它。
答案 3 :(得分:1)
在Apache2中启用mod_headers以使用Header指令:
a2enmod headers
答案 4 :(得分:1)
要使它正常工作,我遇到了很多麻烦。对不起,别忘了旧页面(即使是子请求)也会缓存在浏览器中。也许很明显,但是请清除浏览器的缓存。之后,还可以使用Header set Cache-Control "no-store",这对我在测试时很有帮助。
答案 5 :(得分:0)
在httpd.conf
中LoadModule headers_module modules/mod_headers.so
LoadModule rewrite_module modules/mod_rewrite.so
<Directory "**/usr/local/PATH**">
AllowOverride None
Require all granted
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
Header always set Access-Control-Expose-Headers "Content-Security-Policy, Location"
Header always set Access-Control-Max-Age "600"
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
</Directory>
If running outside container, you may need to restart apache service.
答案 6 :(得分:0)
对我有用的Ubuntu Apache2解决方案 .htaccess编辑对我不起作用,我不得不修改conf文件。
nano /etc/apache2/sites-available/mydomain.xyz.conf
我的配置允许CORS支持
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName mydomain.xyz
ServerAlias www.mydomain.xyz
ServerAdmin support@mydomain.xyz
DocumentRoot /var/www/mydomain.xyz/public
### following three lines are for CORS support
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/mydomain.xyz/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.xyz/privkey.pem
</VirtualHost>
</IfModule>
a2enmod标头
答案 7 :(得分:-3)
您也可以将以下代码放在httaccess文件中以允许使用htaccess文件的CORS
######################## Handling Options for the CORS
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [L,R=204]
#####################添加自定义标题 标题集X-Content-Type-Options“nosniff” 标题集X-XSS-Protection“1; mode = block” #始终为CORS设置这些标头。 标题始终设置Access-Control-Max-Age 1728000 标题始终设置Access-Control-Allow-Origin:“*” 标题始终设置Access-Control-Allow-Methods:“GET,POST,OPTIONS,DELETE,PUT” 标题总是设置Access-Control-Allow-Headers:“DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,C $ 标题始终将Access-Control-Allow-Credentials设置为true
为了便于参考,您还可以查看允许使用CORS标题的本文http://www.ipragmatech.com/enable-cors-using-htaccess/。