Set CORS header to Allow Access for any Incoming Domain

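The following can be used to always set the CORS headers for any incoming domain without using the wildcard, by setting Access-Control-Allow-Origin to the incoming domain name. This header set allows passing of the cookie and is quite open: because the Origin of each request is echoed back together with Access-Control-Allow-Credentials: true, any website can send requests with the visitor's cookies and read the responses. Modify it for your needs: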


 # Capture the request's Origin header. ".+" requires a non-empty value, so
 # requests without an Origin header do not get an empty Allow-Origin header.
 SetEnvIf Origin "^.+$" acaorigin=$0
 # Echo the captured origin back and allow credentials (cookies) to be sent.
 Header always set Access-Control-Allow-Origin %{acaorigin}e env=acaorigin
 Header always set Access-Control-Allow-Credentials true
 Header always set Access-Control-Allow-Headers "DNT, X-CustomHeader, Keep-Alive, User-Agent, If-Modified-Since, Cache-Control, C$, Authorization, Origin, X-Requested-With, Content-Type, Accept"
 Header always set Access-Control-Allow-Methods "PUT, GET, POST, OPTIONS, PATCH"
 Header always set Access-Control-Expose-Headers "Content-Security-Policy, Location, Cache-Control, Content-Language, Content-Encoding, Content-Type, Expires, Last-Modified, Pragma"
 Header always set Access-Control-Max-Age "600"
 # Responses differ per Origin, so caches must key on it.
 Header merge Vary Origin


