Solving:
1. Security requests from external sites
/etc/apache2/conf-available/
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS"
Header always set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept"
2. For work over HTTPS from smartphone
/etc/apache2/sites-available/
SSLCACertificateFile /etc/apache2/ssl/Geotrust-CA.cer
3. Automatic answer for HTTP OPTIONS request
/var/www/html/mysite/.htaccess
#Header add Access-Control-Allow-Origin "*"
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
</IfModule>
4. Update apache2.config
/etc/apache2/apache2.conf
<Directory /var/www/html/myapi >
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
No comments:
Post a Comment