5
9

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 5 years have passed since last update.

apache2.2 CORS設定

Last updated at Posted at 2018-12-19

クロスドメインからの特定URLへのアクセスのみ許可する設定

条件

  • 確認ブラウザ chrome
  • オリジンドメイン http://origin.com
  • クロスドメイン https://cross.com
  • 上記の条件の場合、クロスドメインからの https://origin.com/sub/ へのアクセスのみCORS設定
  • cookieも使用

apache2/conf/httpd.conf

apache2/conf/httpd.conf
<Location /sub/>
        <IfModule mod_headers.c>
                # リクエストのOriginヘッダが指定ドメイン場合はAccessControlAllowOrigin変数へOriginドメインをセット
                SetEnvIf Origin "^https://cross.com$" AccessControlAllowOrigin=$0
                SetEnvIf Origin "^http://cross.com$" AccessControlAllowOrigin=$0
                # AccessControlAllowOrigin変数が空ではない場合、Access-Control-Allow-OriginレスポンスヘッダへAccessControlAllowOrigin変数の値をセット
                Header set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
                # AccessControlAllowOrigin変数が空ではない場合、Access-Control-Allow-Credentialsレスポンスヘッダへtrueをセット
                Header set Access-Control-Allow-Credentials true env=AccessControlAllowOrigin
        </IfModule>
</Location>

テスト(設定反映前)

Access to XMLHttpRequest at 'https://origin.com/sub' from origin 'https://cross.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

テスト(設定反映後)

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://cross.com
5
9
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
5
9

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?