IBM Support

Enabling Cross-Origin Resource Sharing (CORS) in HTTP Apache

Troubleshooting


Problem

This document describes the configuration needed to allow an HTTP server to support Cross-Origin Resource Sharing (CORS).

Resolving The Problem

To enable CORS for an HTTP server, the following needs to be added to the configuration:

V7R1 and below (Apache 2.2.x):

<Location />
order allow,deny
allow from all
Header set Access-Control-Allow-Origin "*"
</Location>

For those with additional requirements for CORS the following can be used:

<Location />
  order allow,deny
  allow from all
  Header always set Access-Control-Allow-Origin "*"
  Header always set Access-Control-Allow-Methods "POST,GET,OPTIONS,DELETE,PUT"
  Header always set Access-Control-Max-Age "3600"
  Header always set Access-Control-Allow-Headers "Content-Type,Authorization"
  RewriteEngine On
  RewriteCond %{REQUEST_METHOD} OPTIONS
  RewriteRule ^(.*)$ $1 [R=200,L]
</Location>


V7R2 and above (Apache 2.4.x):

<Location />
Require all granted
Header set Access-Control-Allow-Origin "*"
</Location>

For those with additional requirements for CORS the following can be used:

<Location />
  Require all granted
  Header always set Access-Control-Allow-Origin "*"
  Header always set Access-Control-Allow-Methods "POST,GET,OPTIONS,DELETE,PUT"
  Header always set Access-Control-Max-Age "3600"
  Header always set Access-Control-Allow-Headers "Content-Type,Authorization"
  RewriteEngine On
  RewriteCond %{REQUEST_METHOD} OPTIONS
  RewriteRule ^(.*)$ $1 [R=200,L]
</Location>
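
A wildcard Access-Control-Allow-Origin lets scripts from any site read this server's responses. When only known front ends need access, the Apache 2.4.x block above can return the origin only when it matches an allowlist, as in this added example (not part of the original IBM document). The example.com origins and the CORS_ORIGIN variable name are placeholders, and the example assumes the SetEnvIf directive is available on the server.

```apache
<Location />
  Require all granted

  # Constructed allowlist: replace with the exact origins that may call this server.
  # $0 is the whole matched Origin value; CORS_ORIGIN is a name chosen for this example.
  SetEnvIf Origin "^https://(app|admin)\.example\.com$" CORS_ORIGIN=$0

  # Send CORS headers only when the request's Origin matched the allowlist.
  Header always set Access-Control-Allow-Origin "%{CORS_ORIGIN}e" env=CORS_ORIGIN
  Header always set Access-Control-Allow-Methods "POST,GET,OPTIONS,DELETE,PUT" env=CORS_ORIGIN
  Header always set Access-Control-Max-Age "3600" env=CORS_ORIGIN
  Header always set Access-Control-Allow-Headers "Content-Type,Authorization" env=CORS_ORIGIN

  # The response now depends on the Origin header, so caches must key on it.
  Header always merge Vary "Origin"

  # Answer preflight (OPTIONS) requests with 200, as in the configuration above.
  RewriteEngine On
  RewriteCond %{REQUEST_METHOD} OPTIONS
  RewriteRule ^(.*)$ $1 [R=200,L]
</Location>
```

A request from an origin outside the allowlist receives no CORS headers, so the browser blocks the calling script from reading the response.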


Once these directives are added, the HTTP server needs to be ended and restarted (replace serverName with the HTTP instance name):

ENDTCPSVR SERVER(*HTTP) HTTPSVR(serverName)

STRTCPSVR SERVER(*HTTP) HTTPSVR(serverName)

Document information

More support for: IBM i

Component: Web technologies

Software version: Version Independent

Operating system(s): IBM i

Reference #: N1022213

Modified date: 18 July 2018