1 <Directory "/srv/http/carddavmate/">
2 AuthUserFile /srv/http/carddavmate/htpasswd
4 AuthName "password, please"
8 <FilesMatch "htpasswd">
15 <IfModule mod_headers.c>
16 Header unset Access-Control-Allow-Origin
17 Header unset Access-Control-Allow-Methods
18 Header unset Access-Control-Allow-Headers
19 Header unset Access-Control-Allow-Credentials
21 # Set the Allow-Origin to the server name under which carddavmate is accessible, i.e. for https://www.example.com/carddavmate set it to "https://www.example.com". This file is not needed if you have carddavmate and davical accessible through the same server domain name. Important: it matters whether you set this to http or https, depending on how you access carddavmate
22 Header always set Access-Control-Allow-Origin "https://www.example.com"
23 Header always set Access-Control-Allow-Methods "GET,POST,OPTIONS,PROPFIND,REPORT,PUT,DELETE"
24 Header always set Access-Control-Allow-Headers "User-Agent,Authorization,Content-type,Depth,If-match,If-None-Match,X-client"
25 Header always set Access-Control-Allow-Credentials true
27 RewriteCond %{REQUEST_METHOD} OPTIONS
28 RewriteRule ^(.*)$ $1 [R=200,L]