No 'Access-Control-Allow-Origin' header is present on the requested resource"

Question

I have URL rewrite mode enabled for my localhost (apache) server well. But as soon as I try to get access the remote URL via my localhost. it prompts error as:

"Internal Server Error" or sometime "Not Found" 

and if I make little change (by removing [P]) in my htaccess file then it's showing the expected URL at console log but still it prompts error as -

" No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin http://localhost:8080' is therefore not allowed access."

My .htaccess file is as:

 <IfModule mod_rewrite.c>
  RewriteEngine on 
  RewriteCond  %{SERVER_PORT} !^8080$
  RewriteRule ^(.*) http://%{SERVER_NAME}:8080%{REQUEST_URI} [P]
  RewriteRule ^(.*) http://<Remote_ip_address>:<port_no>%{REQUEST_URI} [P]
 </IfModule>

Any suggestion would be highly appreciated !!

Answer 1

This is an intentional security feature (the Same-origin policy ). You need to enable CORS (Cross-Origin Resource Sharing) on the destination server (not in your .htaccess file here, but on Remote_ip_address ). Here are a few resources:

• https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
• http://enable-cors.org/server_apache.html

Answer 2

This solution below works for me in the vhost file located there :

/etc/httpd/conf.d/vhosts/xxxx.conf

SetEnvIf Origin "^http(s)?://(.+\.)?(yourdomain\.com|otherdomain\.com)$" origin_is=$0
Header set Access-Control-Allow-Origin %{origin_is}e env=origin_is
Header set Access-Control-Allow-Credentials "true"
Header always set Access-Control-Allow-Headers "Authorization"
Header always set Access-Control-Allow-Methods "GET"

DO NOT FORGET

• to change yourdomain.com|otherdomain.com
• To add/modify the correct Access-Control-Allow-Methods GET, PUT,PUATCH, DELETE, POST