Project

General

Profile

How do I solve the CORS problem?

Added by SeungHyun Park over 4 years ago

Hello Guys.

I am currently using the following versions of lighttpd on vmware Ubuntu16.04 and aws Ubuntu18.04.
lighttpd / 1.4.45 (ssl)-a light and fast webserver
Build-Date: Jun 24 2019 22:58:56

Before making a request to another domain, I made an ajax request (header added) to another port on my Ubuntu, but the following problem still occurs.
[ browser message : Access to XMLHttpRequest at 'http://mydomain:3000/' from origin 'http://mydomain' has been blocked by CORS policy: Request header field ukey(or X-M2M-RI or X-M2M_Origin is not allowed by Access-Control-Allow-Headers in preflight response.]

[ ajax code ]
$.ajax({
type : "GET",
url : "http://192.168.0.97:3000",
dataType : "application/xml",
//dataType : "jsonp",
//dataType : "text",
headers : { 'Accept' : 'application/xml',
'X-M2M-RI' : '12345',
'X-M2M-Origin' : 'Origin',
'uKey' : 'WUsrcUZGeDlJSHlrTkdOQ3pPZUt0dWtBbHc3L0JDdi9Xa3N1ZTJjVXVYR2dGdkduNGhWd3VJc0xwVU9mUXc3ag==' },
error:function(request, status, error){
alert("code:"+request.status+"\n"+"message:"+request.responseText+"\n"+"error:"+error);
},
success : function(data) {
console.log(data);
}
})

I modified it as below through the information I found on Google, but I keep getting the same problem.
[ lighttpd.conf ]
server.modules = (
"mod_access",
"mod_auth",
"mod_alias",
"mod_compress",
"mod_accesslog",
"mod_fastcgi",
"mod_setenv",
  1. "mod_rewrite",
  2. "mod_redirect",
    "mod_proxy",
    "mod_status",
    )

server.document-root = "/var/www/html"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 80

#setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" )
  1. CORS Headers
    setenv.add-response-header = (
    "Access-Control-Allow-Origin" => "*",
    "Access-Control-Allow-Credentials" => "true",
    "Access-Control-Allow-Headers" => "accept, origin, x-requested-with, content-type, x-transmission-session-id",
    "Access-Control-Expose-Headers" => "X-Transmission-Session-Id",
    "X-Proxy" => "www-02",
    "Access-Control-Allow-Methods" => "GET, PUT, POST, HEAD, DELETE, OPTIONS"
    )
  1. strict parsing and normalization of URL for consistency and security
  2. https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
  3. (might need to explicitly set "url-path-2f-decode" = "disable"
  4. if a specific application is encoding URLs inside url-path)
    server.http-parseopts = (
    "header-strict" => "enable",# default
    "host-strict" => "enable",# default
    "host-normalize" => "enable",# default
    "url-normalize-unreserved"=> "enable",# recommended highly
    "url-normalize-required" => "enable",# recommended
    "url-ctrls-reject" => "enable",# recommended
    "url-path-2f-decode" => "enable",# recommended highly (unless breaks app)
    #"url-path-2f-reject" => "enable",
    "url-path-dotseg-remove" => "enable",# recommended highly (unless breaks app)
    #"url-path-dotseg-reject" => "enable",
    #"url-query-20-plus" => "enable",# consistency in query string
    )

index-file.names = ( "index.php", "index.html", "index.lighttpd.html" )
url.access-deny = ( "~", ".inc" )

static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )

  1. default listening port for IPv6 falls back to the IPv4 port
    1. Use ipv6 if available
      #include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
      include_shell "/usr/share/lighttpd/create-mime.assign.pl"
      include_shell "/usr/share/lighttpd/include-conf-enabled.pl"

How do I solve this problem? I need help

lighttpd.conf (2.58 KB) lighttpd.conf my lighttpd config file
minor.html (1.05 KB) minor.html my test ajax code