stackoom
  简体   繁体   中英

HTTP Response Header is being overwritten. Where all can HTTP Response headers be set in apache?

 原文  2015-07-11 05:39:18       php/ apache/ .htaccess/ http-headers

Question

I have a PHP application where I conditionally set the Access-Control-Allow-Origin header. I see the change reflected on my local setup and on the dev environment, but on the live site, the header is set as something else. The other headers that I set along with it keep their values, so it leads me to believe that the Access-Control-Allow-Origin header is being overwritten somewhere else.

I've checked the .htaccess files in my project and the apache virtual host configuration file for possible places the header could be overwritten. It was being set in the virtual host config file, but I commented it out and restarted apache, but the header is still being overwritten.

Is there any other place that I can check to see if the header is being overwritten?

Thanks in advance for your help!

Here is the requested PHP code snippet: 

    $origin=$front->getRequest()->getHeader('Origin');
    if($origin && (preg_match('/http[s]{0,1}:\/\/' . $front->getRequest()->getHttpHost() . '$/', $origin))){
        $front->getResponse()->setHeader('Access-Control-Allow-Origin', $origin);
        $front->getResponse()->setHeader('Access-Control-Allow-Credentials', 'true');
    }else{
        //leave current value if there is no match
        $front->getResponse()->setHeader('Access-Control-Allow-Origin', '*');
    }

I'm pretty sure the header is being overwritten by something else because I can see the Access-Control-Allow-Credentials:true come through as expected, but Access-Control-Allow-Origin has a value of * .

2 answers

solution1
 1 ACCPTED  2015-07-11 16:26:39

I did some more digging and found this link to do the same in the .htaccess. I ended up adding the following: 

SetEnvIf Origin "^http(s)?://(.+\.)?(www.example.com)$" origin_is=$0
Header set Access-Control-Allow-Origin %{origin_is}e env=origin_is
Header set Access-Control-Allow-Credentials true env=origin_is

solution2
 0  2015-07-11 05:54:42

You can set header from htaccess: 

<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
</IfModule>

Or from PHP: 

header("access-control-allow-origin: *");

You can use: 

<IfModule mod_headers.c>
  <FilesMatch "\.(ttf|ttc|otf|eot|woff|font.css|css)$">
    Header set Access-Control-Allow-Origin "*"
  </FilesMatch>
</IfModule>

to apply htaccess header for specified files.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Canonical Link HTTP Response Header being stripped using PHP / Apache Prevent modifying http response headers in Apache Regex HTTP Response Header Error in HTTP response header HTTP header response data Send custom HTTP headers AND get response header - curl Adding HTTP Headers on SoapServer Response remove http response headers in zend PHP + CURL http response headers How to reduce apache http response header size while 304 Not Modified
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM