No announcement yet.

CORS on subversion edge

  • Filter
  • Time
  • Show
Clear All
new posts

  • CORS on subversion edge

    Need help to setup CORS on subversion edge , I have tried updating httpd.conf with following setting but after the changes subversion server do not start without logging any error ,

    Header always set Access-Control-Allow-Origin "*"
    Header always set Access-Control-Max-Age "1000" Header always set Access-Control-Allow-Headers "X-Requested-With, Content-Type, Origin, Authorization, Accept, Client-Security-Token, Accept-Encoding" Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
    RewriteEngine On RewriteCond %{REQUEST_METHOD} OPTIONS RewriteRule ^(.*)$ blank.php [QSA,L]

  • #2
    In general I strongly discourage using the specific HTTP operations (POST, GET, OPTIONS, etc.) for limiting operations within a Subversion repository: I've seen too many different organizations try and fail at doing this. Typos, missing operations, unnecessary operations, etc. And all of that is subject to internal changes to Subversion implementation changing the operations-set between releases.

    I encourage the use of the "authz" file that Subversion enables. The format of this file is much easier to get correct and, more importantly, states exactly who gets what permissions to do what. You can do that at the repository level or, if necessary, sub-repository path level.

    See here: [url][/url]

    An Apache configuration would look like:

    <Location /svn>
    DAV svn
    SVNParentPath /opt/repo
    SVNListParentPath On
    AuthType Basic
    AuthBasicProvider ldap
    AuthName "SVN Repo"
    AuthLDAPURL "ldap://f.q.d.n/bindDN?uid"
    Require valid-user
    AuthzSVNAccessFile /some/path/ApacheAuthZ.conf


    • #3
      Thanks ...will using ApacheAuthZ.conf enable the CORS