handling CORS preflight request in Apache

Question

I have a AngularJS app deployed using Yeoman. Cakephp RESTful backend.

The Angular app sends in OPTIONS preflight requests, which the backend responds with forbidden

Answer 1

I had the same question and the answer given does not solve the problem.

By looking around more I found you could do this using the rewrite, e.g:

RewriteEngine On                  
RewriteCond %{REQUEST_METHOD} OPTIONS 
RewriteRule ^(.*)$ $1 [R=200,L]    

(make sure you enable the rewrite mod)

Then you should use, the "always set" to set the headers, e.g:

Header always set Access-Control-Allow-Origin "*"                   
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS"

Explanations here: https://serverfault.com/questions/231766/returning-200-ok-in-apache-on-http-options-requests