We built a RESTful server with CORS enabled which means it will be getting OPTIONS requests from the clients. We would like to have the webserver handle these, not our downstream REST-server. How can we configure Apache to handle these request without invoking any external scripts?
In NGINX it is something like this:
if ($request_method = OPTIONS ) {
add_header Access-Control-Allow-Origin "*";
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
add_header Access-Control-Allow-Headers "ACCEPT, ORIGIN, X-REQUESTED-WITH, CONTENT-TYPE, AUTHORIZATION";
add_header Access-Control-Allow-Credentials "true";
add_header Content-Length 0;
add_header Content-Type text/plain;
return 200;
}
But we can't find a similar mechanism in Apache. [edit] The trick is not to set the headers, thats obvious in Apache, but to return '200' from the request without invoking any external script. [/edit]
Need it for our local dev-servers which don't run NGINX. Thanks!
Best Answer
For setting those headers in Apache httpd, have a look at the
mod_headers. Here is an example (found after some quick googling) that appears to do what you're looking for: http://saulalbert.net/blog/access-control-allow-origin-xmlhttprequest-day-what-fun/On a side note, since your setup appears to be using NGINX in higher environments, it would be wise to use to NGINX for local dev servers as well, if possible.