Support CORS #38
Description
How can I easily set Access-Control-Allow-Origin header in Apache webdav config?
Maybe we can have SUPPORT_CORS boolean environment and add (Access-Control-Allow-Origin: *) rule to the response header.
And OPTIONS request needs to be not Authenticated - it is for initial CORS preflight request and if its need Authentication for OPTIONS the error will be:
Access to XMLHttpRequest at 'http://localhost:9988/' from origin 'http://localhost:8000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.
The reson for this is HTTP 401 status from preflight request
curl -XOPTIONS -H "Access-Control-Request-Method: GET" -H "Origin: http://localhost:8000" --head http://localhost:9988/webdav/server
HTTP/1.1 401 Unauthorized
Date: Wed, 06 Jul 2022 15:03:32 GMT
Server: Apache/2.4.37 (Unix)
Access-Control-Allow-Origin: http://localhost:8000
Access-Control-Allow-Methods: GET, HEAD, POST, PUT, OPTIONS, MOVE, DELETE, COPY, LOCK, UNLOCK, PROPFIND
Access-Control-Allow-Headers: origin, content-type, cache-control, accept, authorization, if-match, destination, overwrite
WWW-Authenticate: Basic realm="WebDAV"
Content-Length: 381
Content-Type: text/html; charset=iso-8859-1