Configure Apache To Accept Cross-Site XMLHttpRequests on Ubuntu
Posted: October 15, 2009 Filed under: Uncategorized 7 Comments »1. Make sure you have the mod_headers Apache module installed. to do this check out /etc/apache2/mods-enabled/ and see if there’s a ‘headers.load’ in there. If there isn’t then just sudo ln -s /etc/apache2/mods-available/headers.load /etc/apache2/mods-enabled/headers.load
2. Add the Access-Control-Allow-Origin header to all HTTP responses. You can do this by adding the line Header set Access-Control-Allow-Origin "*" to the desired <Directory> section in your configuration file (like the /etc/apache2/sites-available/default file). Saying "*" will allow cross-site XHR requests from anywhere. You can say "www.myothersite.com" to only accept requests from that origin.
3. Reload apache server. sudo /etc/init.d/apache2 reload
Maybe this is really obvious to a lot of people, but it wasn’t to me, so there you go.
Great post , You’ve really hit the
nail on the head, I just don’t understand why people quite get it.
I don’t know how many individuals I’ve talked to concerning this very
thing in the past month, and they just don’t grasp it.
Never the less, Excellent post!
[...] If you are interested in enabling Cross-Domain AJAX for apache check this out: http://harthur.wordpress.com/2009/10/15/configure-apache-to-accept-cross-site-xmlhttprequests-on-ubu… [...]
[...] This setup worked beautifully until I needed to connect to the school's webserver and retreive content. I began to run into cross site scripting (XSS) headaches. After days of pounding my head into my desk I ran across a neat little feature in Apache that allows you to turn off the XSS protection on the server. You may be thinking that sounds insecure, and you would be right, but if you are trying to pull content off your server with Javascript from remote locations it may be just the thing you need to get it working. This does not come built in Apache, it is a module you have to add in. It was pretty trivial. Here are the directions for setting up mod_headers in Ubuntu [...]
thanks
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
this can open xxs bugs on your website
use ony for own domains and never use *
its always better to only do his where requierd
It’s a pity they didn’t put this together for New Zea land’s earthquake. Obviously the scale of the Japanese disaster is much bigger but Apple were actively blocking apps from changing their “About” text from telling people they were donating their profits to the Christchurch relief effort. Still, it is a *very* good thing to encourage people to help out Japan.
I thought it was really hard to configure but thanks to your tutorial. I figure it out.