apache2 mod_headers not working

naivegeek picture naivegeek · Oct 13, 2013 · Viewed 13.7k times · Source

Question Description: I want to set my site "Access-Control-Allow-Origin", so I set it in apache's config (almost anywhere), but it's not working. I also set other headers for testing, but it's still not working too.

Apache version: 2.2.22

Apache modules: http://www.anwcl.com/test/show_modules.php

My target url:

http://www.anwcl.com/test/test_only_div.html

And it's linked to my local file:

e:\wamp\www\test\test_only_div.html

And here's my apache's configurations:

E:\wamp\bin\apache\apache2.2.22\conf\httpd.conf

...
LoadModule headers_module modules/mod_headers.so
...
Include conf/extra/httpd-vhosts.conf
...

E:\wamp\bin\apache\apache2.2.22\conf\extra\httpd-vhosts.conf

NameVirtualHost *:80
<VirtualHost *:80>
    Header add Access-Control-Allow-Origin "*"
    Header echo ^TS
    Header add MyHeader "Hello Joe. It took %D microseconds for Apache to serve this request."
    ServerAdmin [email protected]
    DocumentRoot "E:/wamp/www/"
    ServerName www.anwcl.com
    ErrorLog "logs/xxx.log"
    CustomLog "logs/xxx.log" common
    <Directory "E:/wamp/www/">
        Header add Access-Control-Allow-Origin "*"
        Options Indexes FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

E:\wamp\www\.htaccess

Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"

E:\wamp\www\test\.htaccess

Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"

And here's Wireshark's caps, there are no expected headers :

http://www.anwcl.com/question/apache-mod-headers-not-working.jpg
http://www.anwcl.com/question/apache-mod-headers-not-working-304.jpg

Answer

C MaCleif picture C MaCleif · Mar 5, 2019

I also ran into this issue and fixed it when I realized I was modifying the wrong Virtual-host in my config file found here: /etc/apache2/sites-enabled/000-default.conf.

I was modifying the default VirtualHost config when I was using one with a different port.

<VirtualHost *:6000>
        Header set Access-Control-Allow-Origin "*"
</VirtualHost>

I also ran into the error Dylan Maxey described and got around it by disabling the cache in the browser inspector: Disabling cache in Chromium based browser Here is also a link to a site I found helpful: https://enable-cors.org/server_apache.html