Enable CORS in a specific folder with dot in directory name

1.1k views Asked by At

I am trying to enable CORS in a specific file (stellar.toml) located at mydomain.com/.well-known/stellar.toml

I added the below catch all and allow for testing in my .htaccess file on my litespeed/wordpress site:

Access-Control-Allow-Origin: *

If I test it using curl command, I do not see 'access-control-allow-origin: *'. However, if I rename the directory just by removing the dot from the directory name (from .well-known to well-known) and do curl, it works:

curl --head mydomain.com/well-known/stellar.toml

enter image description here

What is happening?

2

There are 2 answers

1
Pablo M. On

The .htaccess setting may not work because the CORS setting must be in the 'backend' if you use php, set the header in your index.php.

Headers in PHP instead of the .htaccess file: https://stackoverflow.com/a/14469443/7306365

Configuration on nginx / Apache Server: https://stackoverflow.com/a/41039506/7306365

0
Saj On

Since I got the answer with some R&D by spinning and testing on some other servers like Apache2 and Nginx, thought I'd share my findings.

I was hosting my web application on a shared hosting provider which uses LiteSpeed. Since dotfiles are usually used as configuration file, LiteSpeed don't expose them easily. You can modify LiteSpeed's configuration by doing this. However, you would need root access and will affect all apps running on that LiteServer which your hosting provider typically would not allow unless your hosting provider want to do that for you for your specific file and location.

I got some cheap VPS at SSD Nodes and tried enabling CORS using Apache 2 and Nginx. It was easy without modifying root level configuration. After my successful test, I looked for some other shared hosting that uses either Apache2 or Nginx and moved my web app from old hosting provider to a new one. One point to note that while I was doing my research I found out that most providers these days use LiteSpeed.