Apache Header Module Loaded but can’t set headers in htaccess

.htaccessapache-2.2corshttp-headershttpd.conf

I have Apache 2.2.29 (unix) setup and running on my new dev machine (mac). I am trying to set CORS headers for an API project – something that I have done many times.

The htaccess file for the project looks like this:

<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
    Header set Access-Control-Allow-Methods "POST, GET, PUT, OPTIONS, PATCH, DELETE" 
    Header set Access-Control-Allow-Headers "X-Accept-Charset,X-Accept,Content-Type"
    ServerSignature Off
</IfModule>
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /cms/public
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} !^/(favicon\.ico|apple-touch-icon.*\.png)$ [NC]
    RewriteRule (.+) index.php?p=$1 [QSA,L]
</IfModule>

and the headers module is loaded in my conf:

LoadModule headers_module libexec/mod_headers.so

The module file exisits in the location shown in the apache conf and is it loaded OK:

dan$ httpd -M

Loaded Modules:
 core_module (static)
 mpm_event_module (static)
 http_module (static)
 so_module (static)
 authn_file_module (shared)
 authn_dbm_module (shared)
 authn_anon_module (shared)
 ...
 headers_module (shared)

I have also checked the conf override settings in my main conf and the included vhosts conf:

<Directory "/Users/dan/Sites">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Allow from all
    </IfModule>
</Directory>

However, headers aren't being set as expected. Heres the response headers when making a request to an API project using the above htaccess file:

HTTP/1.1 200 OK
Date: Wed, 22 Jul 2015 10:36:05 GMT
Server: Apache/2.2.29 (Unix) DAV/2 mod_fastcgi/2.4.6 mod_ssl/2.2.29 OpenSSL/1.0.2c
Expires: Wed, 15 Jul 2015 10:36:05 GMT
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8

I have tested the application setup in other apache environments and it is working as expected…so it's definitely something to do with my setup. It's driving me crazy!

Any thoughts?
Dan

Best Answer

For all who still have this problem: for me it helped to change allowOverride None to allowOverride All in the httpd.conf file

Related Topic