22:54 - Thursday, 24 April 2014

Header Set Access-Control-Allow-Origin Not Working With Mod_rewrite + Mod_jk

#Topics: not found in Access-Control-Allow-Origin header,origin not found in access-control-allow-origin header,access-control-allow-origin * not working,Origin about: not found in Access-Control-Allow-Origin header,mod_headers not working

My first question on here on SF so please forgive me if I manage to bork the post. :)

Anyways, I’m using mod_rewrite on one of my machines with a simple rule that redirects to a webapp on another machine. I’m also setting the header ‘Access-Control-Allow-Origin’ on both machines. The problem is that when I hit the rewrite rule, I loose the ‘Access-Control-Allow-Origin’ header setting.

Here’s an example of the Apache config for the first machine:

NameVirtualHost   DocumentRoot /var/www/host.example.com   ServerName host.example.com   JkMount /webapp/* jkworker   Header set Access-Control-Allow-Origin "*"   RewriteEngine on   RewriteRule   ^/otherhost  http://otherhost.example.com/webapp [R,L]

And here’s an example of the Apache config for the second:

NameVirtualHost   DocumentRoot /var/www/otherhost.example.com   ServerName otherhost.example.com   JkMount /webapp/* jkworker   Header set Access-Control-Allow-Origin "*"

When I hit host.example.com we see that the header is set:

$ curl -i http://host.example.com/HTTP/1.1 302 Moved TemporarilyServer: Apache/2.2.11 (FreeBSD) mod_ssl/2.2.11 OpenSSL/0.9.7e-p1 DAV/2 mod_jk/1.2.26Content-Length: 0Access-Control-Allow-Origin: *Content-Type: text/html;charset=ISO-8859-1

And when I hit otherhost.example.com we see that it too is setting the header:

$ curl -i http://otherhost.example.comHTTP/1.1 200 OKServer: Apache/2.0.46 (Red Hat)Location: http://otherhost.example.com/index.htmContent-Length: 0Access-Control-Allow-Origin: *Content-Type: text/html;charset=UTF-8

But when I try to hit the rewrite rule at host.example.com/otherhost we get no love:

$ curl -i http://host.example.com/otherhost/HTTP/1.1 302 FoundServer: Apache/2.2.11 (FreeBSD) mod_ssl/2.2.11 OpenSSL/0.9.7e-p1 DAV/2 mod_jk/1.2.26Location: http://otherhost.example.com/Content-Length: 0Content-Type: text/html; charset=iso-8859-1

Can anybody point out what I’m doing wrong here? Could mod_jk be part of the problem?

I’ve successfully used:

SetEnvIf Origin "http(s)?://(domaine1.com|domain2.com)$" AccessControlAllowOrigin=$0Header set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin

from http://www.cameronstokes.com/2010/12/26/cross-origin-resource-sharing-and-apache-httpd/

Since it’s a redirect, you need “header set always …” due to some unfortunate Apache internals. As long as you’re not editing/overwriting an existing header, “always” is reasonable to just slap in there w/o much worry.