Apache: CORS error after a few seconds

I’ve set up an Armadietto server with this config file:

  "allow_signup": false,
  "storage_path": "/usr/share/armadietto",
  "cache_views": true,
  "http": {
    "host": "",
    "port": 8000
  "https": {
    "enable": true,
    "force": false
  "basePath": ""

Apache is acting as a reverse proxy. The configuration is:

    ProxyPass "/"  ""
    ProxyPassReverse "/"  ""

I’m able to surf to the Armadietto server and create an account (while allow_signup was temporarily set true), and from my webapp I can use the RemoteStorage widget to connect to my account on the server. Initially this works, but after a few seconds I start getting a CORS error for every sync:

policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.

You are experiencing the bug described in this topic and on the servers page.

After having prevented people from using Apache for RS servers for the better part of a decade, it was finally fixed and released in version 2.4.49.

(After it had been fixed, there seems to have been no release manager for over a year. But now they’re releasing new versions again in shorter intervals, so the latest stable version is 2.4.52.)

P.S.: I took the liberty of changing the topic title, so it’s more accurate and easier to find for others running into it.

Ah, yes, I had read the posts a while ago, but did not check my Apache version. Thanks!