Enable CORS in httpd.conf

Question

I'm developing a web application which makes REST calls to another web application outside its domain.

But whenever it tries to make the REST call, I'm facing CORS issue in chrome.

Error:

No 'Access-Control-Allow-Origin' header is present on the requested resource.

I know this question has been asked many times & I've tried many of the suggestions, but none of them is working for me.

I'm using httpd as the web server.

Below is the httpd.conf of my system. I've added Header set Access-Control-Allow-Origin "*" inside <Directory>, as suggested here.

Please suggest.

Thanks

httpd.conf

ServerRoot "/etc/httpd"
Listen 80
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
<Directory />
    AllowOverride none
  Header set Access-Control-Allow-Origin "*"
    Require all granted
</Directory>
DocumentRoot "/var/www/html"
<Directory "/var/www">
    AllowOverride None
    # Allow open access:
    Require all granted
</Directory>
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>
<Files ".ht*">
    Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn

<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    CustomLog "logs/access_log" combined
</IfModule>

<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

</IfModule>
<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>

<IfModule mime_module>
    TypesConfig /etc/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8

<IfModule mime_magic_module>
    MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on
IncludeOptional conf.d/*.conf

ProxyRequests Off
ProxyPreserveHost On
<VirtualHost *:80>
  ProxyPass / http://localhost:9000/        # My local sonarqube URL
  ProxyPassReverse / http://myhost.com
  ErrorLog logs/sonar/error.log
  CustomLog logs/sonar/access.log common
</VirtualHost>

Answer 1

In Debian-based distros. enable mod_headers running

a2enmod headers
sudo service apache2 reload

In CentOS & other RedHat based distros

edit config file read by apache like httpd.conf and add

LoadModule headers_module modules/mod_headers.so

and reload apache with sudo service httpd restart

and in httpd.conf or some file read by apache like apache2.conf, of files *.conf within the folders like sites-available/ or sites-enabled/

Header set Access-Control-Allow-Origin: *

* or the domain or domains you desire

Keep in mind this must be placed in the server that receive the request, not the server that send the request, and restrictions are made by browsers, not servers, see this: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin

There is also another way instead of editing some .conf file that is creating a file at document root level called .htaccess and inside: Header set Access-Control-Allow-Origin *

Answer 2

To enable CORS the following header directive can be used:

Header set Access-Control-Allow-Origin "*"

Answer 3

In my experience this error is often returned if there is any issue with the API.

You should try testing your web application in Chrome without web security to see if the issue is really a CORS issue or not. See here for more information.