Configure Apache To Accept Cross-Site XMLHttpRequests on Ubuntu
Posted: October 15, 2009 Filed under: Uncategorized 9 Comments »Update: check out this for more up-to-date instructions: http://enable-cors.org/server_apache.html
1. Make sure you have the mod_headers Apache module installed. to do this check out /etc/apache2/mods-enabled/ and see if there’s a ‘headers.load’ in there. If there isn’t then just sudo ln -s /etc/apache2/mods-available/headers.load /etc/apache2/mods-enabled/headers.load
2. Add the Access-Control-Allow-Origin header to all HTTP responses. You can do this by adding the line Header set Access-Control-Allow-Origin "*" to the desired <Directory> section in your configuration file (like the /etc/apache2/sites-available/default file). Saying "*" will allow cross-site XHR requests from anywhere. You can say "www.myothersite.com" to only accept requests from that origin.
3. Reload apache server. sudo /etc/init.d/apache2 reload
Maybe this is really obvious to a lot of people, but it wasn’t to me, so there you go.
Great post , You’ve really hit the
nail on the head, I just don’t understand why people quite get it.
I don’t know how many individuals I’ve talked to concerning this very
thing in the past month, and they just don’t grasp it.
Never the less, Excellent post!
[...] If you are interested in enabling Cross-Domain AJAX for apache check this out: http://harthur.wordpress.com/2009/10/15/configure-apache-to-accept-cross-site-xmlhttprequests-on-ubu… [...]
[...] This setup worked beautifully until I needed to connect to the school's webserver and retreive content. I began to run into cross site scripting (XSS) headaches. After days of pounding my head into my desk I ran across a neat little feature in Apache that allows you to turn off the XSS protection on the server. You may be thinking that sounds insecure, and you would be right, but if you are trying to pull content off your server with Javascript from remote locations it may be just the thing you need to get it working. This does not come built in Apache, it is a module you have to add in. It was pretty trivial. Here are the directions for setting up mod_headers in Ubuntu [...]
thanks
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
this can open xxs bugs on your website
use ony for own domains and never use *
its always better to only do his where requierd
I thought it was really hard to configure but thanks to your tutorial. I figure it out.
[...] Furthermore, Apache2 can be used to modify the HTTP header at your own will. Thus adding “Access-Control-Allow-Origin” header is something can be done easily. Refer to http://harthur.wordpress.com/2009/10/15/configure-apache-to-accept-cross-site-xmlhttprequests-on-ubu…. [...]
Reblogged this on thebashline.
It worked!
Wow, using jsonp in javascript requests and adding Header set Access-Control-Allow-Origin “*” in .htaccess were not enough to make the error stop. This did the job.
Thanks!