So far, I didn't find good documnetation for the server side configuration.
This is the ajax code sending the request:
- Code: Select all
var xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.open("GET", "https://cloud.domain.com/remote.php/webdav/path/to/my/file.7z");
console.log('open x');
xhr.setRequestHeader("content-type", "application/txt");
xhr.setRequestHeader("authorization", "Basic 3j893njd83jneu32");
And this is the apache configuration:
- Code: Select all
<VirtualHost *:443>
Header set Access-Control-Allow-Origin 'https://example.callingdomain.com'
Header set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header set Access-Control-Allow-Credentials "true"
Header set Access-Control-Allow-Headers "x-requested-with, content-type, origin, authorization, accept, client-security-token"
...
</VirtualHost>
- Is it correct to insert Header statments under <VirtualHost> ?
- I don't know how to hanlde cors autentication server side. Is Access-Control-Allow-Credentials "true" sufficinet?
- Is there apache official documentation about cors?
- Any other suggestion is very welcome.
I'll report the client error messages as soon ad I can get them in english.
Anyway, the preflight request is failing.
I get no log in apache even setting debug level.
Thank you very much.