Set CORS header to Allow Access for any Incoming Domain

The following may be used to set to always set the CORS header for any incoming domains without using the wildcard and for setting headers particularly for the incoming domain name. This header set allows passing of the cookie and is quite open, modify it for your needs:

 

 SetEnvIf Origin ".*$" acaorigin=$0
 Header always set Access-Control-Allow-Origin %{acaorigin}e env=acaorigin
 Header always set Access-Control-Allow-Credentials true
 Header always set Access-Control-Allow-Headers: "DNT, X-CustomHeader, Keep-Alive, User-Agent, If-Modified-Since, Cache-Control, C$, Authorization, Origin, X-Requested-With, Content-Type, Accept"
 Header always set Access-Control-Allow-Methods: "PUT, GET, POST, OPTIONS, PATCH"
 Header always set Access-Control-Expose-Headers: "Content-Security-Policy, Location, Cache-Control, Content-Language, Content-Encoding, Content-Type, Expires, Last-Modified, Pragma"
 Header always set Access-Control-Max-Age "600" 
 Header merge Vary Origin

 

 

  • 4 Users Found This Useful

Was this answer helpful?

Related Articles

403 Error on POST

This can occur for several reasons: Be sure your file permissions are correct. If the file needs...

Point my domain to my wix account

How can I point my domain name to my wix.com account?To set this up you will want to login to...

How do I remove a web disk?

In Windows, go to My Network Places on your PC, find the connection, right click and delete....

Reseller: Unable to find an IP address in when creating an account

When creating accounts be sure to select a package in the package field. You can create a package...

I updated my site but I still see old pages

Make sure your files are indeed updated by checking the file time stamps. Also, you may want to...