got a strange one:
I have a virtualhost which provides some kind of RSS feed.
This RSS feed will go into another software, which provides the information to the user.
Now i need to restrict the users, being able to access the website for further information to those, which are able to access the feed.
So, easy solution would be using an htaccess file. Which i did.
The software receiving the RSSfeed also needs to get the apache headers, in order to work correctly. Which it gets, but AFTER sending the login crecentials.
But it needs them beforehand.
So: this is how the header looks like before login at the moment:
Connection: Keep-Alive Content-Length: 381 Content-Type: text/html; charset=iso-8859-1 Date: Mon, Apr 18 2015 08:09:52 Keep-Alive: timeout=5, max=100 Server Apache/2.4.7 WWW-Authenticate: Basic realm="secure"
Instead it would have include something like this as well:
Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Authorization,Accept, Content-Type, Content-Length,* Access-Control-Allow_methods: GET,POST,OPTIONS Access-Control-Allow-Origin: *
I tried to add this Access Control parameters at different places, but whether i put it in virtual hosts conf file, or created a new conf file in conf-available and symlink it to conf-enabled, or put it in the .htaccess file as first entry and having the part:
AuthName "secure" AuthType Basic AuthUserFile /home/viamedici.tv/.blog-htpasswd require valid-user
further on, it won't change anything. the first reply, before sending the login credentials will not have the access control settings within the header, which are required.
Anybody any idea?
Thanks for help and best