How to Enable CORS in Apache Web Server

Last updated on December 14th, 2021 at 03:57 am

By default, Apache web server does not send any CORS headers, so browsers block cross-domain requests to the content it serves. You need to set the Access-Control-Allow-Origin header to enable CORS (Cross-Origin Resource Sharing) in Apache. Here are the steps to enable CORS in Apache web server.

Here’s how to enable CORS in Apache

1. Enable headers module

You need to enable headers module to enable CORS in Apache.

Ubuntu/Debian

In Ubuntu/Debian Linux, open a terminal and run the following command to enable the headers module.

$ sudo a2enmod headers

CentOS/Redhat/Fedora

In CentOS/Redhat/Fedora Linux, open the Apache configuration file httpd.conf and uncomment the following line by removing the # in front of it.

LoadModule headers_module modules/mod_headers.so

2. Enable CORS in Apache

Next, add the “Header add Access-Control-Allow-Origin *” directive to your main Apache config file, your .htaccess file, or your Virtual Host configuration file, depending on your requirement. If you add it to your main configuration file, CORS will be enabled for all websites on your server. If you add it to a .htaccess file or a virtual host configuration file, it will be enabled only for that file’s website. Here are examples of how to add this directive in the different files. You can use any one of them. Note that Header set replaces any existing header of the same name, while Header add appends another one.

Directory Tag in Main Configuration File

<Directory /var/www/html>
   ...
   Header set Access-Control-Allow-Origin "*"
   ...
</Directory>

Anywhere in .htaccess file

   ...
   Header add Access-Control-Allow-Origin "*"
   ...

VirtualHost Tag in Virtual Host Configuration File

<VirtualHost *:443>
   ...
   Header add Access-Control-Allow-Origin "*"
   ...
</VirtualHost>

There are different configurations available to enable CORS in Apache.

Enable CORS from all websites

If you want to enable CORS for all websites, that is, accept cross domain requests from all websites, add the following directive. Apache directives do not end with a semicolon.

Header add Access-Control-Allow-Origin "*"

In the above statement, we use the wildcard (*) as the value of the Access-Control-Allow-Origin header, so any website can read the responses.

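Enable CORS from one domain

If you want to enable CORS for one website domain (e.g. example.com), specify that domain in place of the wildcard character *. The value must be the full origin, including the scheme, because the browser compares it exactly with the Origin header it sent (https is assumed here).

Header add Access-Control-Allow-Origin "https://example.com"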

Enable CORS from multiple domains

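If you want to enable CORS for multiple domains (e.g. example1.com, example2.com, example3.com), do not add one Access-Control-Allow-Origin header per domain. A response may carry only one origin value, and browsers reject a response that carries several. Instead, match the request's Origin header against your list and send back the origin that matched. This uses the setenvif module together with the headers module (https is assumed here; use the scheme your sites are served over).

SetEnvIf Origin "^https://(example1\.com|example2\.com|example3\.com)$" CORS_ORIGIN=$0
Header set Access-Control-Allow-Origin "%{CORS_ORIGIN}e" env=CORS_ORIGIN
Header merge Vary Origin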

Enable CORS from localhost

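If you want to enable CORS from localhost, add 127.0.0.1 or localhost in place of the domain name. Include the scheme, and also the port if the page is served from a non-default port, so that the value matches the browser's Origin header exactly.

Header add Access-Control-Allow-Origin "http://localhost"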

3. Restart Apache Server

Check the configuration syntax, then restart Apache web server to apply the changes.

-------------- On Debian/Ubuntu -------------- 
# apache2ctl -t
# systemctl restart apache2.service

-------------- On RHEL/CentOS/Fedora --------------
# httpd -t
# systemctl restart httpd.service

You can use free online tools like Test CORS to test if your website accepts CORS.
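You can also check a captured response offline. The following is an added example, not part of the original tutorial: it applies the comparison a browser makes between Access-Control-Allow-Origin and the requesting origin for a non-credentialed request. The function names and the sample responses are constructed for illustration.

```python
# Added example: function names and sample responses are constructed.

def parse_headers(raw):
    """Map lower-cased header names to the list of values sent for each."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:      # line 0 is the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def check_cors(raw, origin):
    """Return (allowed, notes) for a non-credentialed request from `origin`."""
    headers = parse_headers(raw)
    acao = headers.get("access-control-allow-origin", [])
    if not acao:
        return False, ["no Access-Control-Allow-Origin header"]
    if len(acao) > 1 or "," in acao[0]:
        return False, ["several origin values sent; a browser accepts exactly one"]
    if acao[0] == "*":
        return True, ["wildcard: every site may read this response"]
    if acao[0] != origin:
        return False, [f"{acao[0]!r} is not the requesting origin {origin!r}"]
    vary = [v.strip().lower() for h in headers.get("vary", []) for v in h.split(",")]
    if "origin" not in vary:
        return True, ["no 'Vary: Origin'; a shared cache may reuse this for other origins"]
    return True, []

# Constructed responses: wildcard, a value without a scheme, one header per
# domain, and a single matching origin with Vary: Origin.
SAMPLES = {
    "wildcard": "HTTP/1.1 200 OK\r\nAccess-Control-Allow-Origin: *\r\n\r\n",
    "no_scheme": "HTTP/1.1 200 OK\r\nAccess-Control-Allow-Origin: example1.com\r\n\r\n",
    "three_adds": ("HTTP/1.1 200 OK\r\n"
                   "Access-Control-Allow-Origin: https://example1.com\r\n"
                   "Access-Control-Allow-Origin: https://example2.com\r\n"
                   "Access-Control-Allow-Origin: https://example3.com\r\n\r\n"),
    "echoed": ("HTTP/1.1 200 OK\r\n"
               "Access-Control-Allow-Origin: https://example1.com\r\n"
               "Vary: Origin\r\n\r\n"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_cors(raw, "https://example1.com"))
```

To check your own server, paste the response headers it returns for a request carrying an Origin header in place of a sample.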

That’s it! Hopefully the above tutorial will help you enable CORS in Apache.