<LocationMatch "\.(?i:pps)$">
ForceType application/vnd.ms-powerpoint
Header set Content-Disposition attachment
</LocationMatch>
ForceType application/vnd.openxmlformats–officedocument.presentationml.slideshow
Header set Content-Disposition attachment
Not sure which direction you are wanting these applied, and I'm not an apache user, but the header actions are simple. Pick your request/response event, match the appropriate string and the header actions are:
HTTP::header replace Content-Type application/vnd.ms-powerpoint
HTTP::header insert Content-Disposition attachment
Related
my react app on production mode (https://www.cli-domain.com) -> main domain, it's using laravel API server (https://admin.cli-domain.com) -> subdomain created by apache virtual host, both domain are running on same server,
whenever i'm trying to send request from react app to API, it showing CORS error.
i'm using axios for api request, i set headers fields Access-Control-Allow-Origin * on my client side,
on my laravel API i used fruitcake/cors package to handle middleware via allow cross origin requests, as well i tried with htaccess Header allow cross origin snippets, and i use laravel Cors.php file to allow cross origin method,
everything ended up with failure result,
still i can't able to send a successful request to my laravel API,
please assist me achieve this is possible
Here i attach .htaccess method for reference
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Credentials "true"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Max-Age "1000"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
and then another try with fruitcake / cors package reference code
protected $middleware = [
...
\Fruitcake\Cors\HandleCors::class, # this line
];
Cors.php
<?php
return [
/*
|--------------------------------------------------------------------------
| Laravel CORS Options
|--------------------------------------------------------------------------
|
| The allowed_methods and allowed_headers options are case-insensitive.
|
| You don't need to provide both allowed_origins and allowed_origins_patterns.
| If one of the strings passed matches, it is considered a valid origin.
|
| If ['*'] is provided to allowed_methods, allowed_origins or allowed_headers
| all methods / origins / headers are allowed.
|
*/
/*
* You can enable CORS for 1 or multiple paths.
* Example: ['api/*']
*/
'paths' => ['api/v1/tasker/profileupload', '*'],
/*
* Matches the request method. `['*']` allows all methods.
*/
'allowed_methods' => ['POST', 'GET', 'DELETE', 'PUT', '*'],
/*
* Matches the request origin. `['*']` allows all origins. Wildcards can be used, eg `*.mydomain.com`
*/
'allowed_origins' => ['https://www.doain-cus.com'],
/*
* Patterns that can be used with `preg_match` to match the origin.
*/
'allowed_origins_patterns' => ['Google/'],
/*
* Sets the Access-Control-Allow-Headers response header. `['*']` allows all headers.
*/
'allowed_headers' => ['X-Custom-Header', 'Upgrade-Insecure-Requests', '*'],
/*
* Sets the Access-Control-Expose-Headers response header with these headers.
*/
'exposed_headers' => [],
/*
* Sets the Access-Control-Max-Age response header when > 0.
*/
'max_age' => 0,
/*
* Sets the Access-Control-Allow-Credentials header.
*/
'supports_credentials' => false,
];
If you use the HandleCors middleware you shouldn't set the headers in your .htaccess (it will end up with CORS error because headers can't be setted twice), your cors.php config file is enough.
So you can remove these lines from your .htaccess:
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
You also don't have to set it from the client side, it is a server side configuration.
I need to save a file with correct MimeType for .p7m files (application/pkcs7-mime) via form upload to the server.
In the request I noticed that Content-Type is wrong:
------WebKitFormBoundaryaglEgtBJlb65v7d5
Content-Disposition: form-data; name="file0"; filename="getmymimeplease.p7m"
Content-Type: application/pkcs7
it should be:
Content-Type: application/pkcs7-mime
How is possible that the '-mime' part is missing (or truncated) ?
This is usually controlled by OS and/or Browser. On windows, this is set in the registry, in HKEY_CLASSES_ROOT\.<fileextension>, e.g. HKEY_CLASSES_ROOT\.p7m, in the Field Content Type:
So in the end, this is controlled by the client. So if there are several possible mime types for the same extension, you need to cover that in your server code (accept or decline, convert to your default or not)
I have a problem with the sending of „Post” by postman
The request is constructed in this way:
my request
When I add various headers, I receive always the response „no data”.
When I send the file by the website, on which I tried to send the request, I receive always the returnable file – sending exacly the same file which I sent by postman.
The Problem is that when I don't send the file from the website, I receive the request „no file” and even as I send the request from postman without the file, I receive the request „no data”
So how can i send the file ?
request headers
The field containing the file has a name, and it's not "Content-Disposition." Check the web site HTML, see what the name of the field is, and enter it as the name of the File field in Postman. Note that the file field name appears in the request body, not the headers. It will look something like this:
------WebKitFormBoundaryzp81ydREocuBHzYN
Content-Disposition: form-data; name="datafile"; filename="0041e2b.jpg"
Content-Type: image/jpeg
In this case the field name is "datafile."
I am developing a webapp with static files on one server and api on another. The front end is developed using angular and backend using laravel.
For CSRF-TOKEN fetching during the first load, within angular run block I have this code
if(!$cookies.get('XSRF-TOKEN')){
$http.get(API+'/csrf_token').success(function(d){
$cookies.put('XSRF-TOKEN',d.XSRF_TOKEN);
//$cookies.put('laravel-session',d.LARAVEL_ID);
//$http.defaults.headers.common.X-CSRF-TOKEN = 'Basic YmVlcDpib29w';
//$http.defaults.headers.post['X-CSRF-TOKEN']=$cookies.get('XSRF-TOKEN');
$http.defaults.headers.post['X-CSRF-TOKEN']=d.XSRF_TOKEN;
});
The other way I have tried to get the same was using this way.
Also set $httpProvider.defaults.withCredentials = true; so that cookies be sent along with requests.
The route /csrf_token setup as
Route::get("/csrf_token", function(){
//return \Response::json("asd",200)->withCookie(cookie("XSRF-TOKEN",csrf_token()));
return csrf_token(); //\Crypt::encrypt(csrf_token())
});
All the ajax POST requests throw TokenMismatchException in VerifyCsrfToken.php line 67:.
Next I have sent the csrf_token parameter as _token attached with the post parameters, still the same problem.
Tried all the above, returning encrypted token from /csrf_token, but still same problem.
Repeated all the steps clearing the config:cache and composer dumpautoload in api server, but still same problem.
Reviewed config file ,some values -
'driver' => env('SESSION_DRIVER', 'file'),
'encrypt' => false,
'files' => storage_path('framework/sessions'),
'secure' => false,
(These values seem to be okay)
Next reviewed Virtual config file for CORS configuration (inside directory tag)
Header set Access-Control-Allow-Origin "www.mydomain.com" #real domain not posted
Header set Access-Control-Allow-Credentials 'true'
Header always set Access-Control-Max-Age "2000"
Header set Access-Control-Allow-Headers 'X-CSRF-TOKEN'
Header always set Access-Control-Allow-Headers "X-Requested-With, Content-Type, Origin, Authorization, Accept, Client-Security-Token, Accept-Encoding"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Require local
Wasted hours googling.(frustrated). Need help.
NB: I couldn't find any more tutorial/answers similar to token mismatch problem netiher on stackoverflow nor on any other website that I havn't tried. Thanks.
is it possible to add some request headers to lobobrowser?