How can I get my Apache VPS server to set Access-Control-Allow-Origin "*"?

Question

I acquired a new VPS from Godaddy and have already set this property to allow cross origin in my .htaccess file and in the httpd.conf, I have set AllowOverride All as shown, respectively, in the code below, despite which I still get the errors that follows:

// .htaccess

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php83” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php83 .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit

AddType video/MP2T ts
AddType application/dash+xml mpd

# Header set Access-Control-Allow-Origin "*"

<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
    # <FilesMatch "\.(mpd)$">
    #     Header set Access-Control-Allow-Origin "*"
    # </FilesMatch>
</IfModule>

/usr/local/apache/conf/httpd.conf

<IfModule include_module>
  <Directory "/home/indupendo/public_html">
    AllowOverride All // <-- I added this line here.
    SSILegacyExprParser On
  </Directory>
</IfModule>

The CORS issue in browser

Access to XMLHttpRequest at 'https://indupendo.com/be-a/public/ads/video/rapper/rapper.mpd' from origin 'https://livepush.io' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
hlsplayer.2397aef1.js:1 
        
        
       GET https://indupendo.com/be-a/public/ads/video/rapper/rapper.mpd net::ERR_FAILED 200 (OK)

On ssh cli, I got this after testing the response from the link in question, which indeed shows that the Access-Control-Allow-Origin is not being set:

curl -I https://indupendo.com/be-a/public/ads/video/rapper/rapper.mpd
HTTP/2 200
last-modified: Fri, 29 Dec 2023 13:10:34 GMT
accept-ranges: bytes
content-length: 1397
vary: Accept-Encoding
date: Sat, 30 Dec 2023 13:45:44 GMT
server: Apache

How can I set this header and combat the error?

Answer 1

So I derived my answer from @esqew and @RiggsFolly's guide above. Even though my server was saying headers_module (shared) upon checking on ssh with httpd -M | grep headers_module, the jttpd.conf file did not have any <IfModule mod_headers.c> so below a similar one, <IfModule mod_include.c>, I added the <IfModule mod_headers.c> like so:

<IfModule mod_headers.c>
  <Directory "/path/to/my/domain's/root/">
    Header set Access-Control-Allow-Origin "*"
  </Directory>
</IfModule>
 

Answer 2

You can set the header in the php file being requested if the .htaccess isn't working as expected.

<?php
header('Access-Control-Allow-Origin: *');
?>

Feel free to add comment or support my opinion. Thanks