Need to set some Headers in .htaccess. Where is it?

richb201 2019-01-23 07:40:06 UTC #1

Keywords: LAMP/MAMP/WAMP - AWS - How to - Other
Description:
I need to set:

Header set Access-Control-Allow-Headers "Authorization, X-Requested-With" in .htaccess. But where is it in the Bitnami world? Here is what I am trying to follow:

Your docs say it should be in /opt/bitnami/apps/APPNAME/conf/htaccess.conf but on my setup I have /opt/bitnami/apache2/conf/httpd.conf NOT htaccess.conf. Please advise where I need to place the Access-Control-Allow-Headers in my Bitnami setup?

davidg 2019-01-23 10:24:29 UTC #2

Hi @richb201,

By default, we disable .htaccess files for security and performance reasons. You can find more info in the link below:
https://docs.bitnami.com/general/infrastructure/lamp/administration/use-htaccess/

We include these files content into the htaccess.conf file for those apps with .htaccess files. We place this file into /opt/bitnami/apps/APPNAME/conf/.

In the case of LAMP, it does not include .htaccess files. You could add the code in /opt/bitnami/apache2/conf/httpd.conf directly or create a /opt/bitnami/apache2/conf/htaccess.conf file adding the line below to httpd.conf file to ge it loaded:

Include "/opt/bitnami/apache2/conf/htaccess.conf"

If you paste the code into htaccess.conf or httpd.conf and restart Apache, the result should be the same that having a .htaccess file. Note that you need to add the code between Directory tags to be applied to the directory where .htaccess would be placed. For example:

<Directory "/opt/bitnami/apps/APPNAME/htdocs/">
    <IfModule mod_headers.c>
          Header set Access-Control-Allow-Headers "Authorization"
    </IfModule>
</Directory>

I hope it helps

richb201 2019-01-23 15:48:17 UTC #3

Thanks David. I see that I have the following in httpd.conf :

#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named explicitly --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks

#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
#   AllowOverride FileInfo AuthConfig Limit
#
AllowOverride All

#
# Controls who can get stuff from this server.
#
Require all granted
Header set Access-Control-Allow-Origin "*"

The problem I have is that my browser is causing an OPTION I guess due to the fact that I am trying to send a Json buffer to the server. My server app is not responding correctly to this request so the browser is causing the error:

https://www.rdsubstantiation.com/sub_crud/Subit_backend/register' from origin 'chrome-extension://bdjgnodlhfmhghjhbkkkaaammfocdpib' has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response.

So I need to make sure that the server is not responding back to the browser with content-type. But my app is NOT setting the response to the pre-flight. How can I control the server's pre-flight response?

richb201 2019-01-23 17:26:03 UTC #4

David, I set the following

#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named explicitly --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks

#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
#   AllowOverride FileInfo AuthConfig Limit
#
AllowOverride All

#
# Controls who can get stuff from this server.
#
Require all granted
Header set Access-Control-Request-Headers: content-type
Header set Access-Control-Request-Method: POST
Header set Access-Control-Allow-Origin: *

Header set Access-Control-Allow-Origin "*"

But this seems to have no affect. How can I be sure that my changes to httpd.conf are being used? Does Bitnami have some type of document on setting up httpd.conf????

davidg 2019-01-24 10:30:18 UTC #5

If you set AllowOverride All you could use .htaccess files if you want. Using these files does not need to restart Apache for loading its configuration.

If you apply changes in a *.conf file, it is necessary to restart Apache to take effect:

sudo /opt/bitnami/ctlscript.sh restart apache

richb201 2019-01-24 15:54:58 UTC #6

I was informed that I need to turn on Apache headers.

"Then you need to be sure, to enable headers on apache

sudo a2enmod headers
sudo service apache2 restart"

But sudo: a2enmod: command not found

How do I turn this on?

davidg 2019-01-25 10:52:57 UTC #7

You should uncomment the line below in your /opt/bitnami/apache2/conf/httpd.conf file:

LoadModule headers_module modules/mod_headers.so

You can check the loaded modules by running:

/opt/bitnami/apache2/bin/apachectl -M

Regards

system 2019-02-08 10:53:06 UTC #8

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Powered by Discourse, best viewed with JavaScript enabled

Bitnami provides free all-in-one installers, virtual machines and cloud images for popular open source applications. Get them now!

SugarCRM

Drupal

WordPress

Joomla!

Redmine