Recent Changes - Search:

edit SideBar


"Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources (e.g. fonts) on a web page to be requested from another domain outside the domain from which the resource originated." (Wikipedia)


Test Case

For a CORS Test Case

  1. Run the host web server in the accessors repo, instructions at: accessors/web/hosts/browser/test/README.txt or :
    cd ~/src
    svn co
    cd accessors/web/hosts/browser/test/
    node testServer.js
  2. Open a browser and point to: http://localhost:8088/hosts/browser/test/testCORS.html
  3. Enter for the URL input, click "react to inputs". A bunch of text should show up for the "response" value.
  4. Then open a debugger pane in your browser and enter for the URL input:, click "react to inputs". The response value should be "error" and you should see an error message in the browser debugger console similar to (Firefox):
    Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at (Reason: CORS header 'Access-Control-Allow-Origin' missing).

Below is the output:

.htaccess File says that to create a .htaccess that contains:

 Header set Access-Control-Allow-Origin "*"

When I go to http://localhost:8088/hosts/browser/test/testCORS.html, enter, click "react to inputs", I'm getting a 404 for .htaccess. /usr/local/apache/logs/access_log_terraswarm says: - - [11/Jan/2016:08:35:35 -0800] "GET /.htaccess HTTP/1.1" 404 6440

And /usr/local/apache/logs/error_log says:

 [Mon Jan 11 08:50:34 2016] [error] [client] client denied by server configuration: /home/www/terraswarmwww/.htaccess

Also, going to from a browser fails.

It could be that downloading the .htaccess file is not permitted, so let's try a different route:

Apache Configuration

/usr/local/apache/conf/extra/httpd-vhosts.conf was updated with:

DocumentRoot /home/www/terraswarmwww
# See {$ACCESSORS_HOME}/wiki/Main/Cross-OriginRequestBlocked
Header set Access-Control-Allow-Origin "*"

Then, as root:
(:source lang="bash":)
[root@moog terraswarmwww]# apachectl -t
Syntax OK
[root@moog terraswarmwww]# /etc/init.d/apachectl graceful
[root@moog terraswarmwww]#

In Firefox, enable Tools->Web Developer -> Toggle Tools

Go to http://localhost:8088/hosts/browser/test/testCORS.html, enter, click "react to inputs".

In the Outputs section, the contents of the website will appear and access-control-allow-origin: "*" will appear in the Headers



<Directory />
# See {$ACCESSORS_HOME}/wiki/Main/Cross-OriginRequestBlocked
Header set Access-Control-Allow-Origin "*"
and restarting Apache works in that when I go to, in the Firefox debugger, I can see access-control-allow-origin:"*"

To set this just for, the section for TerraSwarm in /usr/local/apache/conf/extra/httpd-vhosts.conf contains:

<Location /accessors >
# See {$ACCESSORS_HOME}/wiki/Main/Cross-OriginRequestBlocked
Header set Access-Control-Allow-Origin "*"

See Also

Edit - History - Print - Recent Changes - Search
Page last modified on February 13, 2017, at 12:39 PM