Skip to content

Instantly share code, notes, and snippets.

@tomlankhorst

tomlankhorst/apache-cors-site.conf

Last active April 18, 2020 14:34
Show Gist options
  • Save tomlankhorst/490e745775d0c5b987f458aa6045e32b to your computer and use it in GitHub Desktop.
Save tomlankhorst/490e745775d0c5b987f458aa6045e32b to your computer and use it in GitHub Desktop.
Download ZIP
Raw
apache-cors-site.conf
<VirtualHost *:443>
ServerName service.com
# Set CORS headers to allow XHR
# Determine if Origin matches the regex
SetEnvIf Origin "http(s)?://(www.api-client.com|beta.api-client.com:8000)$" AccessControlAllowOrigin=$0
# Set Access-Control-Allow-Origin if the Origin is allowd
Header always set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Header always set Access-Control-Allow-Credentials true
Header always set Access-Control-Allow-Headers "Origin, Authorization, Accept"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Max-Age "600"
Header always set Access-Control-Expose-Headers "Content-Security-Policy, Location"
Header merge Vary Origin
# Answer pre-flight requests with a 204 No Content
# https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=204,L]
# Include an appropriate proxy configuration here
# Example proxy configuration for an internal service at port 8080
ProxyPreserveHost On
ProxyPass / http://localhost:8080/ nocanon
ProxyPassReverse / http://localhost:8080/
ProxyRequests Off
AllowEncodedSlashes NoDecode
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
# Include an appropriate SSL configuration here
</VirtualHost>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment