Join Log in
Score:0
DiDebru avatar Server

How do I override the Allow response from Apache 2.4.52

cn flag
DiDebru

My vhost config:

<VirtualHost *:3000>
  ServerAdmin webmaster@localhost
  DocumentRoot "/var/www/bag-design/bag-design-web/build"
  DirectoryIndex index.html
  Header always set Access-Control-Allow-Origin "*"
  Header always set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PATCH"
  Header always set Access-Control-Allow-Headers "*"

  <Directory "/var/www/bag-design/bag-design-web/build">
    AllowOverride All
    Order allow,deny
    Allow from All   
  </Directory>

  ErrorLog ${APACHE_LOG_DIR}/bag_design_error.log
  CustomLog ${APACHE_LOG_DIR}/bag_design_access.log combined

</VirtualHost>

<VirtualHost *:3001>
  ServerAdmin webmaster@localhost
  DocumentRoot "/var/www/bag-design/bag-design-api/dist"
  Header always set Access-Control-Allow-Origin "*"
  Header always set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PATCH"
  Header always set Access-Control-Allow-Headers "*"
  <Directory "/var/www/bag-design/bag-design-api/dist">
    AllowOverride All
    Order allow,deny
    Allow from All   
  </Directory>

  ErrorLog ${APACHE_LOG_DIR}/bag_design_error.log
  CustomLog ${APACHE_LOG_DIR}/bag_design_access.log combined

</VirtualHost>

But when I try to make a PATCH request the response is 405 and I get the following headers:

Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS, PATCH
Access-Control-Allow-Origin: *
Allow: GET, POST, PUT, DELETE, OPTIONS, PATCH
Allow: OPTIONS,HEAD,GET,POST
Connection: Keep-Alive
Content-Length: 301
Content-Type: text/html; charset=iso-8859-1
Date: Wed, 18 Jan 2023 10:31:50 GMT
Keep-Alive: timeout=5, max=99
Server: Apache/2.4.52 (Ubuntu)

My question is how can I override the Allow header? I did try to append, unset, set, add, merge this header using Header "method" Allow "PATCH" But nothing worked.

155
1 + 0
Score:0
ezra-s avatar Server
ru flag
ezra-s

One thing is announce clients the methods you allow (through headers) and another how you actually allow them to be used in your config (actual functionality in the server, with a module)

The way to allow methods is through mod_allowmethods module. You have to load it.

And then use the AllowMethods directive. In your directory/location add:

<Directory /var/www/bag-design/bag-design-web/build>
    AllowOverride none
    Require all granted
    AllowMethods GET POST PUT DELETE OPTIONS PATCH 
</Directory>

PS: do not set allowoverride to all unless you really need it, you don´t need if if you are the admin of the site. Also Allow,Deny,Order are older 2.2.x directives, you should not be using them nowadays. Quoting Directory paths is not necessary either.

PS2: Note that aside from allowing a method there must be something that provides that behaviour to apache (mod_dav?)

+ 4
DiDebru avatar
cn flag
DiDebru
But it might not be an apache issue but a CORS issue because in the preflight all methods are allowed but after the preflight PATCH is gone.
0
Reply
ezra-s avatar
ru flag
ezra-s
Not sure what you mean by preflight, you said you get a 405 "method not allowed"and this is why, what you set in a header which for the server is just text (and interpreted only by the client) has nothing to do with what the server will do when you make a request to it.
0
Reply
DiDebru avatar
cn flag
DiDebru
The CORS preflight check whenever you send a request with method X CORS will send an option request first and than sends the actual request.
0
Reply
ezra-s avatar
ru flag
ezra-s
@DiDebru thanks for the explanation. Still, for the 405 error from the server the answer still stands.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.