OS=GNU/Linux Debian
Httpd=Apache/2.4.10

字符串
修改/etc/apache 2/apache2.conf

<Directory /var/www/html>
     Order Allow,Deny
     Allow from all
     AllowOverride all
     Header set Access-Control-Allow-Origin "*"
</Directory>

型
添加/激活模块

a2enmod headers

型
重新启动服务

/etc/init.d/apache2 restart

型

首先在服务器上启用mod_headers，然后您可以在Apache conf和.htaccess中使用header指令。
1.启用mod_headers

• a2enmod headers个

1.配置.htaccess文件中的头

Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"

字符串

在httpd.conf中
1.确保这些已加载：

LoadModule headers_module modules/mod_headers.so

LoadModule rewrite_module modules/mod_rewrite.so

字符串
1.在目标目录中：

<Directory "**/usr/local/PATH**">
    AllowOverride None
    Require all granted

    Header always set Access-Control-Allow-Origin "*"
    Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
    Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
    Header always set Access-Control-Expose-Headers "Content-Security-Policy, Location"
    Header always set Access-Control-Max-Age "600"

    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} OPTIONS
    RewriteRule ^(.*)$ $1 [R=200,L]

</Directory>

If running outside container, you may need to restart apache service.

型

将以下内容放入站点的.htaccess文件中（位于/var/www/XXX中）：

Header set Access-Control-Allow-Origin "*"

字符串
而不是.conf文件。
您还将需要使用

AllowOverride All

型
在您的.conf文件中，以便Apache查看。

Ubuntu Apache 2解决方案对我有效。htaccess编辑对我不起作用，我不得不修改conf文件。
nano /etc/apache2/sites-available/mydomain.xyz.conf
我的配置工作，以允许CORS支持

<IfModule mod_ssl.c>
    <VirtualHost *:443>

        ServerName mydomain.xyz
        ServerAlias www.mydomain.xyz

        ServerAdmin support@mydomain.xyz
        DocumentRoot /var/www/mydomain.xyz/public

        ### following three lines are for CORS support
        Header add Access-Control-Allow-Origin "*"
        Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
        Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLCertificateFile /etc/letsencrypt/live/mydomain.xyz/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.xyz/privkey.pem

    </VirtualHost>
</IfModule>

字符串

然后输入以下命令

a2 enmod标头

尝试前确保缓存已清空

在Apache2中启用mod_headers，以便能够使用Header指令：

a2enmod headers

字符串

我费了很大劲才让它起作用。别忘了，即使是子请求，旧页面也会缓存在浏览器中。也许很明显，但请清除浏览器的缓存。之后，还可以使用Header set Cache-Control "no-store"这对我在测试时很有帮助。

FWIW，在标准共享服务器托管配置（Namecheap）上-在不需要安全性的非生产帐户上-这对我来说很有效：

Header Set Access-Control-Allow-Origin *
Header Set Access-Control-Allow-Headers *
Header Set Access-Control-Allow-Methods *

字符串

你也可以把下面的代码放到htaccess文件中，以允许CORS使用htaccess文件

######################## Handling Options for the CORS
    RewriteCond %{REQUEST_METHOD} OPTIONS
    RewriteRule ^(.*)$ $1 [L,R=204]

   ##################### Add custom headers
   Header set X-Content-Type-Options "nosniff"
   Header set X-XSS-Protection "1; mode=block"
   # Always set these headers for CORS. 
   Header always set Access-Control-Max-Age 1728000
   Header always set Access-Control-Allow-Origin: "*"
   Header always set Access-Control-Allow-Methods: "GET,POST,OPTIONS,DELETE,PUT"
   Header always set Access-Control-Allow-Headers: "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,C$
   Header always set Access-Control-Allow-Credentials true

字符串
为了信息的目的，你也可以看看这篇文章http://www.ipragmatech.com/enable-cors-using-htaccess/允许CORS头.