Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to configure Apache to let PHP handle OPTIONS HTTP requests? [closed]

In order to set up a proper test suite for CORS (cross-domain requests) I need to be able to handle the HTTP OPTIONS method directly from script. I therefore have a simple PHP script that detects the OPTIONS method, and reacts accordingly by outputting some specific headers.

The PHP side is not a problem. If I use curl to issue GET/POST/HEAD/PUT/etc. requests they all go to the script and it clearly handles them fine. If I issue an OPTIONS request however, it never reaches the script: Apache immediately replies listing a set of methods that it believes to be appropriate for this resource. I can tell that the script isn't run (no logging, none of its output makes it to the response, etc.).

I've been going through the Apache configuration, have made sure no applicable .htaccess is in the way, I've tweaked a bunch of things such as Limit/LimitExcept directives, but I can't get it to change its behaviour. I've also tried to find information on a technique from my youth that could have helped here: NPH (non-parsed headers) scripts; but apparently that has now disappeared (at least, I can't find any recent information about it that works).

So the question is: how do I tweak Apache's configuration so that it will let my script handle OPTIONS?

like image 688
Robin Berjon Avatar asked Nov 27 '12 09:11

Robin Berjon


1 Answers

I just tested my own PHP (5.3, Apache 2.2) and it still works (as it has for a while). OPTIONS get sent through, and appeared in the $_SERVER array as you'd expect

The goal should be to turn the settings back to default (which should work) then build your conf back up with the other options you need.

Otherwise, without seeing the .conf file, we're flying blind - so here are some things to look for.

  1. Limit directives. You said you checked there, but just to debug, remove all references. Include any in vhosts as well as directories can be individually changed.
  2. Same for LimitExcept (you said you tried - just remove them all)
  3. Check both .conf and .htaccess for any redirects or other conditions based on RequestHeader or REQUESTHEADER (do search and analyse)
  4. [I've also read something just now about checking for THE_REQUEST but never heard that one before. Worth checking too?]
  5. Finally, check you don't have a specific handler specified for OPTIONS, i.e. Script OPTIONS /cgi-bin/optionshandler and that your PHP handler is likewise specified to only handle GET and POST. Again remember vhosts and directories and .htaccess can be individually changed so check them all.

That's all I can think of. Otherwise, as I suggested, start from scratch (it works) and build up everything else until it doesn't work.

like image 90
Robbie Avatar answered Oct 02 '22 13:10

Robbie