• Home
  • Ubuntu 20.04
    • Upgrade Ubuntu
    • Install Java
    • Install Node.js
    • Install Docker
    • Install LAMP Stack
  • Tutorials
    • AWS
    • Shell Scripting
    • Docker
    • Git
    • MongoDB
  • Funny Tools
  • FeedBack
  • Submit Article
  • About Us
TecAdmin
Menu
  • Home
  • Ubuntu 20.04
    • Upgrade Ubuntu
    • Install Java
    • Install Node.js
    • Install Docker
    • Install LAMP Stack
  • Tutorials
    • AWS
    • Shell Scripting
    • Docker
    • Git
    • MongoDB
  • Funny Tools
  • FeedBack
  • Submit Article
  • About Us

How to Enable CORS in Apache

Written by Rahul, Updated on January 29, 2020

Cross-Origin Resource Sharing (CORS) is the process, which tells the web browsers to allows resources running form different origins (domain, protocol, or port) via HTTP headers. This tutorial will help you to enable CORS in the Apache webserver.

Prerequsities

You must have enabled Apache headers modules. The Redhat based have default enabled headers modules. For the Ubuntu and Debian, based systems execute the following command to enable headers modules.

a2enmod headers

Enable CORS in Apache

Set Access-Control-Allow-Origin (CORS) authorization to the header in Apache web server. Add the following line inside either the <Directory>, <Location>, <Files> sections under <VirtualHost> in Apache configuration files. You can also place this inside the .htaccess file.

 Header set Access-Control-Allow-Origin "*"

Example

To allow Access-Control-Allow-Origin (CORS) authorization for all origin domains for all files inside a directory.

1
2
3
4
5
<Directory "/path/to/dir">
   <IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
   </IfModule>
</Directory>

To allow Access-Control-Allow-Origin (CORS) authorization for specific files only. For example to allow CORS for fonts only use following example:

1
2
3
4
5
<FilesMatch "\.(ttf|otf|eot|woff)$">
    <IfModule mod_headers.c>
        Header Set Access-Control-Allow-Origin "*"
    </IfModule>
</FilesMatch>

To allow Access-Control-Allow-Origin (CORS) with multiple origin domains, Use following example

1
2
3
4
5
6
<FilesMatch "\.(ttf|otf|eot|woff)$">
    <IfModule mod_headers.c>
        SetEnvIf Origin "http(s)?://(www\.)?(google.com|staging.google.com|development.google.com)$" AccessControlAllowOrigin=$0
        Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
    </IfModule>
</FilesMatch>

After making changes in configuration files, You need to restart the Apache webserver. But no need to restart if adding in the .htaccess file.

Share it!
Share on Facebook
Share on Twitter
Share on LinkedIn
Share on Reddit
Share on Tumblr
Share on Whatsapp
Rahul
Rahul
Connect on Facebook Connect on Twitter

I, Rahul Kumar am the founder and chief editor of TecAdmin.net. I am a Red Hat Certified Engineer (RHCE) and working as an IT professional since 2009..

1 Comment

  1. Avatar phil Reply
    May 7, 2020 at 7:11 pm

    Thanks for this – was having real issues serving an API to an angular SPI due to cross domain. Many solutions offer allow-origin “*” but this doesn’t work as angular sends credentials (can’t have allow-credentials with origin “*”)

    One issue – for me the $0 argument is always null. I made a work around with multiple lines and hard coding each assignment, but your version is more elegant.

    $0 looks like an parameter variable but I can’t find any information about using these in this context.

    Could you help point me to where can I find out information about this?

    Thanks

Leave a Reply Cancel reply

Popular Posts

  • How To Install Python 3.9 on Debian 10
  • Download Ubuntu 20.04 LTS – DVD ISO Images
  • Linux Run Commands As Another User
  • How to Check PHP Version (Apache/Nginx/CLI)
  • How To Install and Configure GitLab on Ubuntu 20.04
  • How to Install PyCharm on Ubuntu 20.04
  • How to Check Ubuntu Version with Command or Script
  • How to Set all directories to 755 And all files to 644
© 2013-2021 Tecadmin.net. All Rights Reserved | Terms  | Privacy Policy