[users@httpd] CORS configuration with Apache server

Thu, 24 Nov 2016 18:11:26 -0800 

I am using Apache 2.4 for Windows, with Windows 10.

I have configured a reverse proxy with the Apache server.
My web application works behind the Apache reverse proxy.

I am trying to use my web application ('http://192.168.1.2:20100) to copy a 
jpeg picture from another website which unfortunately has no CORS configuration 
('http://192.168.1.103:80). I have no access to change it.
The schematic is to have my web application send a request to the Apache 
server. The Apache server copy the jpeg image from the website. Then the 
picture is sent back to my web application by the Apache server.

Below is the configuration on the Apache server to enable CORS:

Listen 192.168.1.2:8080

<FilesMatch "\.(gif|ico|jpe?g|png)$">
     Header always set Access-Control-Allow-Origin: http://192.168.1.2
     Header always set Access-Control-Allow-Credentials: true
     Header always set Access-Control-Max-Age: 86400
     Header always set Access-Control-Allow-Headers 
"X-Requested-With,Origin,Authorization,X-Accept-Charset,X-Accept,Content-Type"
     Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS"
     Header always set Access-Control-Request-Headers 
"X-Requested-With,Origin,Authorization,X-Accept-Charset,X-Accept,Content-Type"
    RewriteEngine On
     RewriteCond %{REQUEST_METHOD} OPTIONS
     RewriteRule ^(.*)$ $1 [R=200,L,E=HTTP_ORIGIN:%{HTTP:ORIGIN}]]
</FilesMatch>

This configuration is in the Apache httpd.conf file.
When I run my web application, I am getting the error message below:

Access to Image at 'http://192.168.1.103:80' from origin 
'http://192.168.1.103:80'
has been blocked by CORS policy: No 'Access-Control-Allow-Origin'
header is present on the requested resource. Origin 'http://192.168.1.2:8080' 
is therefore not allowed access.

So, I think the problem is that the Apache server transmits the CORS request, 
from my web application, to the target website which cannot accept it. So the 
CORS request from my web application must not be transmitted to the target 
website by the Apache server.
So, how can I configure the Apache server so that it will receive and accept 
the CORS from my web application but will submit a normal request (without 
CORS) to the target website?

Reply via email to