Apache(아파치)에서 크로스 사이트 스크립팅(cross site scripting: xss) 허용하기

You will just need to add ONE line  into your apache.conf . 

### bash


cat xx-apache.conf
<VirtualHost *:80>
ServerName "aaa.com"
Header set Access-Control-Allow-Origin “*”   <------------------ allow cross site script
<Directory "/usr/local/bbb">
  SetEnv LD_LIBRARY_PATH "/usr/local/xxx/lib/:$LD_LIBRARY_PATH"
# Allow from all  
</Directory>
</VirtualHost>

then restart daemon

$ sudo /etc/init.d/httpd configtest
$ sudo /etc/init.d/httpd restart


when you curl the url, you will see


curl -i "http://host/xxx?aaa/bbb/ccc"
HTTP/1.1 200 OK
Date: Wed, 26 Oct 2011 03:35:29 GMT
Server: Apache/2.2.3 (CentOS)
Access-Control-Allow-Origin: “*”           <----------
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8