Set CORS header to Allow Access for any Incoming Domain

The following may be used to set to always set the CORS header for any incoming domains without using the wildcard and for setting headers particularly for the incoming domain name. This header set allows passing of the cookie and is quite open, modify it for your needs:

 

 SetEnvIf Origin ".*$" acaorigin=$0
 Header always set Access-Control-Allow-Origin %{acaorigin}e env=acaorigin
 Header always set Access-Control-Allow-Credentials true
 Header always set Access-Control-Allow-Headers: "DNT, X-CustomHeader, Keep-Alive, User-Agent, If-Modified-Since, Cache-Control, C$, Authorization, Origin, X-Requested-With, Content-Type, Accept"
 Header always set Access-Control-Allow-Methods: "PUT, GET, POST, OPTIONS, PATCH"
 Header always set Access-Control-Expose-Headers: "Content-Security-Policy, Location, Cache-Control, Content-Language, Content-Encoding, Content-Type, Expires, Last-Modified, Pragma"
 Header always set Access-Control-Max-Age "600" 
 Header merge Vary Origin

 

 

  • 4 Users Found This Useful

Was this answer helpful?

Related Articles

How to use SharedSSL

SharedSSL is now available with our Ultra Unlimited. It is not as professional looking as having...

Adding a Facebook Button

Facebook has a wonderful page on adding a Facebook image to your website complete with...

Redirect http to https and www

To forward a website to use both www. and https:// use the following in an .htaccess file:...

Updating an Old Docker Version to Community Edition

The following was used to upgrade an antiquated version of docker to the newest community edition...

osCommerce password reset

How to reset your osCommerce admin login... You can reset your osCommerce administrative login...