这是我的配置文件。
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName localhost:80
DocumentRoot /var/www/XXX
<Directory />
Options None
AllowOverride None
Order deny,allow
Deny from all
</Directory>
<Directory /var/www/qvbn-app-web-ctrl>
Options FollowSymLinks
AllowOverride AuthConfig FileInfo
Order allow,deny
Allow from all
Header set Access-Control-Allow-Origin "*"
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
当我尝试重新加载 apache2 时,iT 给出的错误为:
Invalid command 'Header', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.
我不知道如何启用 CORS。我遵循了这个: http://enable-cors.org/server_apache.html
OS=GNU/Linux Debian
Httpd=Apache/2.4.10
更改 /etc/apache2/apache2.conf
<Directory /var/www/html>
Order Allow,Deny
Allow from all
AllowOverride all
Header set Access-Control-Allow-Origin "*"
</Directory>
添加/激活模块
a2enmod headers
重启服务
/etc/init.d/apache2 restart
首先在您的服务器上启用
mod_headers.htaccessmod_headersa2enmod headers.htaccessHeader add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
在httpd.conf中
LoadModule headers_module modules/mod_headers.so
LoadModule rewrite_module modules/mod_rewrite.so
<Directory "**/usr/local/PATH**">
AllowOverride None
Require all granted
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
Header always set Access-Control-Expose-Headers "Content-Security-Policy, Location"
Header always set Access-Control-Max-Age "600"
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
</Directory>
If running outside container, you may need to restart apache service.
将以下内容放入站点的 .htaccess 文件(在 /var/www/XXX 中):
Header set Access-Control-Allow-Origin "*"
而不是 .conf 文件。
您还想使用
AllowOverride All
在域的 .conf 文件中,以便 Apache 查看它。
对我有用的 Ubuntu Apache2 解决方案 .htaccess 编辑对我不起作用我必须修改conf文件。
nano /etc/apache2/sites-available/mydomain.xyz.conf
我的配置允许 CORS 支持
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName mydomain.xyz
ServerAlias www.mydomain.xyz
ServerAdmin [email protected]
DocumentRoot /var/www/mydomain.xyz/public
### following three lines are for CORS support
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/mydomain.xyz/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.xyz/privkey.pem
</VirtualHost>
</IfModule>
a2enmod 标头
在 Apache2 中启用 mod_headers 以便能够使用 Header 指令:
a2enmod headers
我在让它发挥作用时遇到了很多麻烦。傻瓜,不要忘记旧页面 - 即使是子请求 - 也会缓存在您的浏览器中。也许很明显,但请清除浏览器缓存。之后,还可以使用
Header set Cache-Control "no-store"FWIW,在标准共享服务器托管配置(Namecheap)上 - 在不需要安全性的非生产帐户上 - 这对我有用:
Header Set Access-Control-Allow-Origin *
Header Set Access-Control-Allow-Headers *
Header Set Access-Control-Allow-Methods *
您还可以将以下代码放入 httaccess 文件中,以允许使用 htaccess 文件进行 CORS
######################## Handling Options for the CORS
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [L,R=204]
##################### Add custom headers
Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
# Always set these headers for CORS.
Header always set Access-Control-Max-Age 1728000
Header always set Access-Control-Allow-Origin: "*"
Header always set Access-Control-Allow-Methods: "GET,POST,OPTIONS,DELETE,PUT"
Header always set Access-Control-Allow-Headers: "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,C$
Header always set Access-Control-Allow-Credentials true
出于信息目的,您还可以查看这篇文章http://www.ipragmatech.com/enable-cors-using-htaccess/,它允许 CORS 标头。