Set CORS header to Allow Access for any Incoming Domain

The following may be used to set to always set the CORS header for any incoming domains without using the wildcard and for setting headers particularly for the incoming domain name. This header set allows passing of the cookie and is quite open, modify it for your needs:

 

 SetEnvIf Origin ".*$" acaorigin=$0
 Header always set Access-Control-Allow-Origin %{acaorigin}e env=acaorigin
 Header always set Access-Control-Allow-Credentials true
 Header always set Access-Control-Allow-Headers: "DNT, X-CustomHeader, Keep-Alive, User-Agent, If-Modified-Since, Cache-Control, C$, Authorization, Origin, X-Requested-With, Content-Type, Accept"
 Header always set Access-Control-Allow-Methods: "PUT, GET, POST, OPTIONS, PATCH"
 Header always set Access-Control-Expose-Headers: "Content-Security-Policy, Location, Cache-Control, Content-Language, Content-Encoding, Content-Type, Expires, Last-Modified, Pragma"
 Header always set Access-Control-Max-Age "600" 
 Header merge Vary Origin

 

 

  • 4 Users Found This Useful

Was this answer helpful?

Related Articles

My pages are updating/refreshing slowly

Refresh is immediate on the server. When a file is updated and uploaded it is there. If you are...

https:// with Weebly

To enable and force https:// with your Weebly website, be sure to go into your editor area,...

What is a domain?

A domain is a human-readable name assigned to an IP address to make accessing websites much...

Enable Mod Rewrite

Create an .htaccess file with the following contents and upload it to your public_html directory....

Can you write a script for me?

We do not write scripts but will be more than happy to guide you in the right direction. Most the...