在 Apache 中处理 CORS 预检请求 [英] handling CORS preflight request in Apache

问题描述

我有一个使用 Yeoman 部署的 AngularJS 应用程序.Cakephp RESTful 后端.

I have a AngularJS app deployed using Yeoman. Cakephp RESTful backend.

Angular 应用程序发送 OPTIONS 预检请求，后端以禁止 (403) 响应，在 nginx 中解决这个问题我使用了这个:

The Angular app sends in OPTIONS preflight requests, which the backend responds with forbidden (403), in nginx to solve this problem I have used this:

if ($request_method = 'OPTIONS') {
     add_header 'Access-Control-Allow-Origin' '*'; 
     add_header 'Access-Control-Allow-Credentials' 'true';
     add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE'; 
     add_header 'Access-Control-Allow-Headers' 'X-AuthTokenHeader,Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';   
     add_header 'Access-Control-Max-Age' 1728000;
     add_header 'Content-Type' 'text/plain charset=UTF-8';
     add_header 'Content-Length' 0;
     return 204; 
}

我如何在 Apache 中执行此操作?请提供一些初步的指导/意见，我会在之后弄清楚细节，并用细粒度的细节改进问题.

How do I go about doing this in Apache? Please provide some preliminary guidance/comments, I will figure out the details after that and improve the question with granular details.

推荐答案

我有同样的问题，但给出的答案并没有解决问题.

I had the same question and the answer given does not solve the problem.

通过环顾四周，我发现您可以使用重写来做到这一点，例如:

By looking around more I found you could do this using the rewrite, e.g:

RewriteEngine On                  
RewriteCond %{REQUEST_METHOD} OPTIONS 
RewriteRule ^(.*)$ $1 [R=200,L]    

(确保您启用了重写模块)

(make sure you enable the rewrite mod)

然后您应该使用始终设置"来设置标题，例如:

Then you should use, the "always set" to set the headers, e.g:

Header always set Access-Control-Allow-Origin "*"                   
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS"

此处说明:https://serverfault.com/问题/231766/returning-200-ok-in-apache-on-http-options-requests

这篇关于在 Apache 中处理 CORS 预检请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！