This is an old revision of the document!
Enabling Cross-Origin Resource Sharing
Cross-Origin Resource Sharing (CORS) is a specification that enables truly open access across domain-boundaries. If you serve public content, please consider using CORS to open it up for universal JavaScript/browser access. CORS introduces a standard mechanism that can be used by all browsers for implementing cross-domain requests.
How to Enable
Method 1: Set from .htaccess
Navigate to Web Admin > Configurations > Your Virtual Hosts > General > HT Access section:
- Click Edit button
- Enable
Limit
,Auth
,FileInfo
,Indexes
,Options
form Allow Override - Click Save button
- Do graceful restart
Set CORS header to .htaccess file
- Create .htaccess file if not exist and writable, e.g.
file='/usr/local/lsws/DEFAULT/html/.htaccess'; ( [ -e "$file" ] || touch "$file" ) && [ ! -w "$file" ] && echo cannot write to $file && exit 1
Method 2: Set from config
Navigate to Web Admin > Configurations > Your Virtual Hosts > Context:
- Click Add button
- Choose Static type
- Set URI / (Change this if you want)
- Set Location $SERVER_ROOT/Example/html/ (Change this if you want)
- Set Accessible to Yes
- Extra Headers Access-Control-Allow-Origin *
- Click Save button
How to verify
Before verification
Start verification
Test CORS is not easy, here we are going to use Test-cors online tool to verify it with simple step.
Tool shows like this, basically we need to enter in HTTP Method and Target Remote URL
How to support more method
Default CORS support method: PUSH, GET and HEAD. What if I want to support OPTIONS and DELETE?
Method 1: Set from .htaccess
You can simply append Header always set Access-Control-Allow-Methods: "GET,POST,OPTIONS,DELETE"
to .htaccess file
Method 2: Set from config
You can simply append Extra Headers Access-Control-Allow-Methods GET, POST, OPTIONS, DELETE
.
You can try verification again with sending DELETE HTTP method. You will see 200 response.
More Information
- More HTTP method and request please refer HTTP Headers
- Learn more about CORS please refer CORS information