Issues enabling CORS with header addition

Website, Application, Performance Security
1

I am required to add some code to the header of my .htaccess file in folder /.well-known directory on our domain/vps, (below) it seems that Cloudflare services are affecting the outcome . Do i need change something to get this working properly?

Header set Access-Control-Allow-Origin ""

or

Header set Access-Control-Allow-Origin "*"

been using this to test ,

curl --head https://www.oenoviva-capital-resources.com/.well-known/stellar.toml

returns this ,

HTTP/2 200
date: Tue, 07 May 2019 18:19:41 GMT
content-length: 2741
set-cookie: __cfduid=d309fb717a693dc5af271c010a70614fd1557253181; expires=Wed, 06-May-20 18:19:41 GMT; path=/; domain=.oenoviva-capital-resources.com; HttpOnly; Secure
last-modified: Tue, 07 May 2019 15:44:37 GMT
etag: “ab5-5884e18257b2f”
accept-ranges: bytes
expect-ct: max-age=604800, report-uri=“https://report-uri.Cloudflare.com/cdn-cgi/beacon/expect-ct
server: Cloudflare
cf-ray: 4d35341e0ea2709c-SIN

2

The output you are seeing shows that Cloudflare is not caching this file, and that the CORS header is not present in the response from your origin.

If you have put the Apache config in place a number of things might cause it not to work, including:

  • .htaccess being disabled (AllowOverride none in your Apache config)
  • Apache needing a reload (apachectl -k graceful)
  • mod_headers not being enabled

You can try and bypass CF in your tests directly to the Origin using this:

> curl -sD - -o /dev/null --header 'Host: www.oenoviva-capital-resources.com' --header 'Origin: https://www.example.com' http://256.256.256.199/.well-known/stellar.toml

2 Likes
3

This topic was automatically closed after 30 days. New replies are no longer allowed.