Set CORS header to Allow Access for any Incoming Domain

The following may be used to set to always set the CORS header for any incoming domains without using the wildcard and for setting headers particularly for the incoming domain name. This header set allows passing of the cookie and is quite open, modify it for your needs:

 

 SetEnvIf Origin ".*$" acaorigin=$0
 Header always set Access-Control-Allow-Origin %{acaorigin}e env=acaorigin
 Header always set Access-Control-Allow-Credentials true
 Header always set Access-Control-Allow-Headers: "DNT, X-CustomHeader, Keep-Alive, User-Agent, If-Modified-Since, Cache-Control, C$, Authorization, Origin, X-Requested-With, Content-Type, Accept"
 Header always set Access-Control-Allow-Methods: "PUT, GET, POST, OPTIONS, PATCH"
 Header always set Access-Control-Expose-Headers: "Content-Security-Policy, Location, Cache-Control, Content-Language, Content-Encoding, Content-Type, Expires, Last-Modified, Pragma"
 Header always set Access-Control-Max-Age "600" 
 Header merge Vary Origin

 

 

  • 4 Users Found This Useful

Was this answer helpful?

Related Articles

Cross Origin Request Error

When receiving a cross-origin / cross original request, CORS header 'Access-Control-Allow-Origin'...

Your connection to this server has been blocked at the firewall

If you receive the message: "Your connection to this server has been blocked at the firewall. If...

I have a reseller account. What can I use for billing software and automation?

There are many great programs that work for both billing, domain and cpanel integration. Check...

Why is the server load status red?

The server load status will be red if the server is under a little more stress than usual. This...

What are some tools are available to optimize my website?

There are many great tools to optimize your website. There is an optimize tool in your hosting...