search

spatie / laravel-cors

Send CORS headers in a Laravel application
https://spatie.be/en/opensource/laravel
MIT License
603 stars 59 forks source link

Apache seems to prevent response header injection #10

Closed clemblanco closed 6 years ago

clemblanco commented 6 years ago

Hi,

Everything works fine locally using Docker and an Apache 2.2 image however on my staging server (also Apache 2.2) the response headers are not injected properly?

I managed to get those headers injected manually by adding the following to the top of my /public/.htaccess file:

<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
    Header set Access-Control-Allow-Methods "GET"
    Header set Access-Control-Allow-Headers "Accept, Content-Type, Authorization"
</IfModule>

but here I'm king of loosing the interest in using your package :/

Any idea of what kind of Apache configuration would be required to allow Laravel to inject those headers in my responses?

Thanks!

AlexVanderbist commented 6 years ago

Hi @clementblanco, we're mainly using NGINX over here and my knowledge of Apache is limited. However I couldn't find any information about Apache not allowing headers to be set by PHP. Are you sure they're not being overwritten in some .htaccess file or the config?

Maybe someone else using Apache can shed some light on this.

manniL commented 6 years ago

I'm using Apache regularly, but for me, laravel-cors does what it should.

spatie-bot commented 6 years ago

Dear contributor,

because this issue seems to be inactive for quite some time now, I've automatically closed it. If you feel this issue deserves some attention from my human colleagues feel free to reopen it.