I have an AngularJS app deployed using Yeoman, with a CakePHP RESTful backend.
The Angular app sends OPTIONS preflight requests, to which the backend responds with forbidden.
Add this to the .htaccess file in your Apache root directory:
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
Make sure to activate the Apache headers module:
a2enmod headers
Source: https://stackoverflow.com/a/11691776/1494875
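A narrower variant of the same .htaccess, added here as an example and not taken from the answer above: it sends the CORS headers only to origins on an allowlist instead of "*", and answers the OPTIONS preflight in Apache. The two origins and the CORS_ORIGIN variable name are placeholders, and the example assumes mod_setenvif and mod_rewrite are enabled alongside mod_headers.

```apache
# Constructed example: replace the placeholder origins with the ones
# your Angular app is actually served from.
<IfModule mod_headers.c>
    # Copy the request's Origin into CORS_ORIGIN only when it matches
    # the allowlist; any other origin leaves the variable unset.
    SetEnvIf Origin "^(https://app\.example\.com|http://localhost:9000)$" CORS_ORIGIN=$1

    # Echo the matched origin back instead of "*". 'always' keeps the
    # headers on non-2xx responses too; env= skips unlisted origins.
    Header always set Access-Control-Allow-Origin "%{CORS_ORIGIN}e" env=CORS_ORIGIN
    Header always set Access-Control-Allow-Headers "origin, x-requested-with, content-type" env=CORS_ORIGIN
    Header always set Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS" env=CORS_ORIGIN

    # The response now differs per Origin, so caches must key on it.
    Header always merge Vary "Origin"
</IfModule>

<IfModule mod_rewrite.c>
    RewriteEngine On
    # Answer the preflight with 204 before it reaches the backend.
    # Place this above the framework's own rewrite rules.
    RewriteCond %{REQUEST_METHOD} =OPTIONS
    RewriteRule ^ - [R=204,L]
</IfModule>
```

A preflight from an origin outside the allowlist still gets the 204, but without any Access-Control-* headers, so the browser refuses to send the actual request.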