Litespeed enable Access-Control-Allow-Origin

Posted by Joe Coder Guy on Server Fault See other posts from Server Fault or by Joe Coder Guy
Published on 2012-11-07T03:03:20Z Indexed on 2012/11/07 5:02 UTC
Read the original article Hit count: 1156

Filed under:

.htaccess

|

access-control

|

AJAX

|

cross-domain

|

litespeed

Seriously, I can't find a single page discussing this for litespeed.

Using this format in the htaccess "Header set Access-Control-Allow-Origin http://aSite.com" (and https) sends the setting in the header, but I still get the "XMLHttpRequest cannot load https://aSite.com/aFile.php. Origin aSite.com is not allowed by Access-Control-Allow-Origin" error.

Is the server still blocking it even though I've sent the proper headers?

I read elsewhere that it helps to add these terms

Access-Control-Allow-Headers X-Requested-With
Access-Control-Allow-Methods OPTIONS, GET, POST
Access-Control-Allow-Headers Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control

but I don't see these in my headers.

Using these, my PHP files aren't even reached (because they register no errors or anything), so it looks like it comes from the server only, but what do I know.

Thanks in advance!

© Server Fault or respective owner

Related posts about .htaccess

Seeking htaccess help: Converting multiple subdomains (both http and https) to www.domain.com using .htaccess

as seen on Pro Webmasters - Search for 'Pro Webmasters'
I've been trying to get an answer to this question on other forums (the folks at SuperUser thought this was the place I needed to post) and via my connections, but I haven't gotten very far. Hopefully you guys can help me find an answer: I've got a dozen old subdomains that have been indexed by Google… >>> More
Disable .htaccess or disable some rules from .htaccess on specific URL

as seen on Server Fault - Search for 'Server Fault'
I have Kerberos-based authentication and I want to disable it on only root url: mysite.com/. And I want it to works fine on any other page like mysite.com/page1. I have such things in my .htaccess: AuthType Kerberos AuthName "Domain login" KrbAuthRealms DOMAIN.COM KrbMethodK5Passwd on Krb5KeyTab… >>> More
.htaccess Permission denied. Unable to check htaccess file

as seen on Server Fault - Search for 'Server Fault'
Hi, I have a strange problem when adding a sub-domain to our virtual server. I have done similar sub-domains before and they have worked fine. When I try to access the sub-domain I get an 403 Forbidden error. I checked the error logs and have the following error: pcfg_openfile: unable to check… >>> More
.htaccess Permission denied. Unable to check htaccess file

as seen on Server Fault - Search for 'Server Fault'
I have a strange problem when adding a sub-domain to our virtual server. I have done similar sub-domains before and they have worked fine. When I try to access the sub-domain I get an 403 Forbidden error. I checked the error logs and have the following error: pcfg_openfile: unable to check htaccess… >>> More
Permission denied: /home/.htaccess pcfg_openfile: unable to check htaccess file

as seen on Server Fault - Search for 'Server Fault'
This domain was working this morning, now I get a 403 error and the message above in my error log. I'm not using .htaccess files but I have been doing some copy on the server so may have messed things up but no changes to this domain (unless by accident!). What is this pcfg_openfile thing anyway? Done… >>> More

Related posts about access-control

LiteSpeed enable Access-Control-Allow-Origin (no response header on CORS request)

as seen on Server Fault - Search for 'Server Fault'
Seriously, I can't find a single page discussing this for litespeed. Using this format in the htaccess "Header set Access-Control-Allow-Origin http://aSite.com" (and https) sends the setting in the http response header, but I still get the "XMLHttpRequest cannot load https://aSite.com/aFile.php.… >>> More
DELETE method not working in Apache 2.4

as seen on Server Fault - Search for 'Server Fault'
I'm running Apache 2.4 locally and dealing with RESTful services authenticating through OAuth. GET, PUT and POST work fine but I can't get DELETE to work. I've tried installing WebDAV and mod_dav, overriding methods in .htaccess, tried Limits, force (enable) DELETE options in configuration and pretty… >>> More
CORS Fails on CloudFront Distribution with Nginx Origin

as seen on Server Fault - Search for 'Server Fault'
I have a CloudFront distribution set up with an Nginx server as the origin (a Media Temple DV server, to be specific). I enabled the Access-Control-Allow-Origin: * header so fonts will work in Firefox. However, Firefox throws a CORS error for fonts loaded from this CloudFront/Nginx distribution. I… >>> More
My MS Access control displays no text for appended items following an append query

as seen on Stack Overflow - Search for 'Stack Overflow'
The control in question is part of a datasheet-style subform that feeds off a multi-field combo-box. The control is bound to the first field of the combo box, an ID field which is hidden from view (column width set to zero). Consequently, the second field (Code) is displayed in the control when an… >>> More
ASP.NET and WIF: Showing custom profile username as User.Identity.Name

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
I am building ASP.NET MVC application that uses external services to authenticate users. For ASP.NET users are fully authenticated when they are redirected back from external service. In system they are logically authenticated when they have created user profiles. In this posting I will show you how… >>> More