Add apache example configuration

docs/apache_cors_configure.md

@@ -0,0 +1,19 @@
+# How To Configure Apache CORS Rules for Webdav
+
+```apacheconf
+<IfModule mod_headers.c>
+  # Obsidian webdav
+  SetEnvIf Origin "^app://obsidian.md$" IS_OBSIDIAN
+  SetEnvIf Origin "^capacitor://localhost$" IS_OBSIDIAN
+  SetEnvIf Origin "^http://localhost$" IS_OBSIDIAN
+  Header always set Access-Control-Allow-Origin "*" env=IS_OBSIDIAN
+  Header always set Access-Control-Allow-Methods "GET, HEAD, POST, PUT, OPTIONS, MOVE, DELETE, COPY, LOCK, UNLOCK, PROPFIND" env=IS_OBSIDIAN
+  Header always set Access-Control-Allow-Headers "Authorization, Depth, DNT, User-Agent, Keep-Alive, Content-Type, accept, origin, X-Requested-With" env=IS_OBSIDIAN
+  Header always set Access-Control-Expose-Headers "etag, dav" env=IS_OBSIDIAN
+
+  # Allow OPTION request without authentication and respond with status 200
+  RewriteCond %{ENV:IS_OBSIDIAN} 1
+  RewriteCond %{REQUEST_METHOD} OPTIONS
+  RewriteRule ^(.*)$ $1 [R=200,L]
+</IfModule>
+```

docs/browser_env_cors.md

@@ -8,7 +8,9 @@ To solve the issue, we have some options:
 
 1. The server side needs to return the header `Access-Control-Allow-Origin` allowing the origins `app://obsidian.md` and `capacitor://localhost` and `http://localhost`. Sometimes in the future, the header `Access-Control-Expose-Headers` with some values being set might be also needed.
 
-   [Here is an example configuration for Amazon S3.](./s3_cors_configure.md)
+   Example configurations:
+   - [Amazon S3](./s3_cors_configure.md)
+   - [Apache (e.g. Nextcloud)](./apache_cors_configure.md)
 
    However, some cloud services do not allow configuring or exposing these headers. (Notably most public WebDAV services.)