Hi,
I am doing some testing with Apache (2.4.29, which I just happen to have), testing some edge CORS-type scenarios.
I have 2 machines. On the 1st machine, I have an HTML page that has javascript/XHR to the 2nd Apache (which has an FQDN with a different DNS root domain).
I load the page into the browser on the 1st machine from the filesystem (which will cause the XHR request to the Apache on the 2nd machine to have "Origin: null"), and I have an htdocs/corstest/index.html on the Apache on the 2nd machine, and the request coming into that Apache has an "Origin: null" HTTP header (I have mod_log_forensic installed so I can see the request), and the test case I want to implement is to somehow strip that HTTP header out from the request before Apache processes the request.
I have tried:
<Location /corstest>
RequestHeader unset Origin early (both with, and without, the "early")
Header set Access-Control-Allow-Origin "http://charlieeastweb04.sbx.gxaws.com:7777"
</Location>
but the "RequestHeader" directive doesn't seem to be doing anything (the Apache still seems to see the "Origin: null" header:
- I still see the "Origin: null" in the forensic log
- In the browser debugger, I still see:
"Access to XMLHttpRequest at 'http://fakecors.whatever.com:7777/corstest/index.html' from origin 'null' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'http://xxx.yyyy:7777' that is not equal to the supplied origin."
Is there some way to accomplish what I am trying to do (strip the Origin header out from the request)?
Thanks,
Jim
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
I am doing some testing with Apache (2.4.29, which I just happen to have), testing some edge CORS-type scenarios.
I have 2 machines. On the 1st machine, I have an HTML page that has javascript/XHR to the 2nd Apache (which has an FQDN with a different DNS root domain).
I load the page into the browser on the 1st machine from the filesystem (which will cause the XHR request to the Apache on the 2nd machine to have "Origin: null"), and I have an htdocs/corstest/index.html on the Apache on the 2nd machine, and the request coming into that Apache has an "Origin: null" HTTP header (I have mod_log_forensic installed so I can see the request), and the test case I want to implement is to somehow strip that HTTP header out from the request before Apache processes the request.
I have tried:
<Location /corstest>
RequestHeader unset Origin early (both with, and without, the "early")
Header set Access-Control-Allow-Origin "http://charlieeastweb04.sbx.gxaws.com:7777"
</Location>
but the "RequestHeader" directive doesn't seem to be doing anything (the Apache still seems to see the "Origin: null" header:
- I still see the "Origin: null" in the forensic log
- In the browser debugger, I still see:
"Access to XMLHttpRequest at 'http://fakecors.whatever.com:7777/corstest/index.html' from origin 'null' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'http://xxx.yyyy:7777' that is not equal to the supplied origin."
Is there some way to accomplish what I am trying to do (strip the Origin header out from the request)?
Thanks,
Jim
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org