Set CORS header to Allow Access for any Incoming Domain

The following may be used to set to always set the CORS header for any incoming domains without using the wildcard and for setting headers particularly for the incoming domain name. This header set allows passing of the cookie and is quite open, modify it for your needs:

 

 SetEnvIf Origin ".*$" acaorigin=$0
 Header always set Access-Control-Allow-Origin %{acaorigin}e env=acaorigin
 Header always set Access-Control-Allow-Credentials true
 Header always set Access-Control-Allow-Headers: "DNT, X-CustomHeader, Keep-Alive, User-Agent, If-Modified-Since, Cache-Control, C$, Authorization, Origin, X-Requested-With, Content-Type, Accept"
 Header always set Access-Control-Allow-Methods: "PUT, GET, POST, OPTIONS, PATCH"
 Header always set Access-Control-Expose-Headers: "Content-Security-Policy, Location, Cache-Control, Content-Language, Content-Encoding, Content-Type, Expires, Last-Modified, Pragma"
 Header always set Access-Control-Max-Age "600" 
 Header merge Vary Origin

 

 

  • 2 Users Found This Useful

Was this answer helpful?

Related Articles

htaccess - Allow Let's Encrypt to Validate and Renew

When receiving the following Let's Encrypt error message:domain.com: The SSL certificate expires...

Cross Origin Request Error

When receiving a cross-origin / cross original request, CORS header 'Access-Control-Allow-Origin'...

Common Search Engine Optimization Tips

Get other websites to link to you. Have your website linked and posted in socal media...

Setting up Zend Framework

When setting up Zend Frameworks in your hosting account be sure to upload your frameworks folder...

How do I parse html files as shtml?

Create an .htaccess file in the directory needed and add the following: AddHandler...