: Apache2 Ubuntu 16.04 Impossible To Get CORS Working When visiting my website i get an error in console tab (using firefox). The error is: Cross-Origin Request Blocked: The Same Origin Policy

@Si4351233

Get rid of the CORS declaration in your .htaccess file as it is only needed in one spot and since you have access to a vhost file it is better off there.

A check of the vhost file you provided shows what the problem would be. You have created a self closed directory configuration <Directory /> which won't work. I have rewritten the vhost file below...

<VirtualHost *>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/website
<Directory /var/www/>
Header set Access-Control-Allow-Origin "*"
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
# This directive allows us to have apache2's default start page
# in /apache2-default/, but still have / go to the right place
#RedirectMatch ^/$ /apache2-default/
</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>

ErrorLog /var/log/apache2/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog /var/log/apache2/access.log combined
ServerSignature On

Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>

</VirtualHost>


You will notice that the CORS header has been moved to the <Directory /var/www> block which is where it should be.

Vote Up Vote Down