Apache Configure CORS Headers for Whitelist Routes

允我心安 提交于 2021-02-08 10:14:27

问题


I'm trying to allow calls made to "/api/whateverEndpoint", while keeping CORS strict for all other calls.

I've come across this link Whitelisted CORS using Apache which gives the solution for origin filtering:

# e.g. origin = https://host-b.local
SetEnvIfNoCase Origin "https://host-b.local" AccessControlAllowOrigin=$0
Header set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin

But i need to adapt this to filter based on the request uri.

Any idea is greatly appreciated


回答1:


So you just need to set a variable based on a match against Request_URI, then use that; like this:

SetEnvIf Request_URI "^/api/whateverEndpoint" IsAllowedEndpoint
Header set Access-Control-Allow-Origin "*" env=IsAllowedEndpoint


来源:https://stackoverflow.com/questions/42000914/apache-configure-cors-headers-for-whitelist-routes

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!