awswordpress

Enable CORS

NOTE: We are in the process of modifying the file structure and configuration for many Bitnami stacks. On account of these changes, the file paths stated in this guide may change depending on whether your Bitnami stack uses native Linux system packages (Approach A), or if it is a self-contained installation (Approach B). To identify your Bitnami installation type and what approach to follow, run the command below:

 $ test ! -f "/opt/bitnami/common/bin/openssl" && echo "Approach A: Using system packages." || echo "Approach B: Self-contained installation."

The output of the command indicates which approach (A or B) is used by the installation, and will allow you to identify the paths, configuration and commands to use in this guide. Refer to the FAQ for more information on these changes.

Cross-Origin Resource Sharing (CORS) is a standard way of accessing resources on a domain from another domain. It is typically used from cross-domain AJAX requests, although other use cases also exist. Learn more about CORS on Wikipedia.

By default, CORS is disabled on the Bitnami WordPress stack. Follow the steps below to enable it.

Approach A: Bitnami installations using system packages

Edit the WordPress configuration file for Apache (/opt/bitnami/apache2/conf/vhosts/wordpress-vhost.conf) and add the following line inside the Directory directive:

...
<Directory /opt/bitnami/wordpress>
...
Header set Access-Control-Allow-Origin "*"
...
</Directory>

Enable other methods or headers for other directories (e.g /opt/bitnami/wordpress/wp-admin):

...
<Directory /opt/bitnami/wordpress/wp-admin>
...
Header set Access-Control-Allow-Origin "\*"
Header set Access-Control-Allow-Methods "GET, OPTIONS, POST"
Header set Access-Control-Allow-Headers "origin, x-requested-with, content-type, accept"
...
</Directory>

If the request is an OPTIONS request, the script exits with either access control headers sent, or a 403 response if the origin is not allowed. By default, only the server where the application is hosted is allowed (see /opt/bitnami/wordpress/wp-includes/http.php). For other request methods, you will receive a return value.

Approach B: Self-contained Bitnami installations

Edit the WordPress configuration file for Apache (/opt/bitnami/apps/wordpress/conf/httpd-app.conf) and add the following line inside the Directory directive

...
<Directory /opt/bitnami/apps/wordpress/htdocs/>
...
Header set Access-Control-Allow-Origin "*"
...
</Directory>

Enable other methods or headers for other directories (e.g /opt/bitnami/apps/wordpress/htdocs/wp-admin):

...
<Directory /opt/bitnami/apps/wordpress/htdocs/wp-admin>
...
Header set Access-Control-Allow-Origin "\*"
Header set Access-Control-Allow-Methods "GET, OPTIONS, POST"
Header set Access-Control-Allow-Headers "origin, x-requested-with, content-type, accept"
...
</Directory>

If the request is an OPTIONS request, the script exits with either access control headers sent, or a 403 response if the origin is not allowed. By default, only the server where the application is hosted is allowed (see /opt/bitnami/apps/wordpress/htdocs/wp-includes/http.php). For other request methods, you will receive a return value.

Last modification May 5, 2021