I have an apache proxy that stay behind cloudflare
This is the scenario
World -> Cloudflare Https -> Apache -> PHP
World -> Cloudflare Https -> Apache/Proxy -> NodeJS
In my apache i put this configuration
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName mydomain.com
ServerAlias www.mydomain.com
DocumentRoot /var/www/mydomain
RewriteEngine On
Header set Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
<Directory /var/www/mydomain>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
Header set Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
</Directory>
LogLevel debug
ErrorLog ${APACHE_LOG_DIR}/mydomain-error.log
CustomLog ${APACHE_LOG_DIR}/mydomain-access.log combined
SSLEngine on
SSLCertificateFile /var/www/ssl/crt/mydomain/primary.crt
SSLCertificateKeyFile /var/www/ssl/crt/mydomain/private.key
</VirtualHost>
but when calling an API from any domain return me always error on cors on chrome and firefox
Referrer Policy: strict-origin-when-cross-origin
I found the solution to the problem
Part1: Add to apache configuration,
thee key solution is always set
Part2 you need to set in your application an OPTIONS HTTP request to always return 200
You can use this apache configuration to set it automatically
this solved the problem