Set CORS header to Allow Access for any Incoming Domain

The following may be used to set to always set the CORS header for any incoming domains without using the wildcard and for setting headers particularly for the incoming domain name. This header set allows passing of the cookie and is quite open, modify it for your needs:

 

 SetEnvIf Origin ".*$" acaorigin=$0
 Header always set Access-Control-Allow-Origin %{acaorigin}e env=acaorigin
 Header always set Access-Control-Allow-Credentials true
 Header always set Access-Control-Allow-Headers: "DNT, X-CustomHeader, Keep-Alive, User-Agent, If-Modified-Since, Cache-Control, C$, Authorization, Origin, X-Requested-With, Content-Type, Accept"
 Header always set Access-Control-Allow-Methods: "PUT, GET, POST, OPTIONS, PATCH"
 Header always set Access-Control-Expose-Headers: "Content-Security-Policy, Location, Cache-Control, Content-Language, Content-Encoding, Content-Type, Expires, Last-Modified, Pragma"
 Header always set Access-Control-Max-Age "600" 
 Header merge Vary Origin

 

 

  • 4 Users Found This Useful

Was this answer helpful?

Related Articles

How do I remove a web disk?

In Windows, go to My Network Places on your PC, find the connection, right click and delete....

How do I hide my domain WHOIS information?

If you do not wish to have your contact information shown when someone does a WHOIS report on...

Disable error_log via htaccess

Prevent public display of PHP errors via htaccess# supress php errorsphp_flag...

Is it possible to make a cron to backup my database at specific times?

Yes, this can be very useful for forum/message board sites with large databases. In your control...

When should I use ascii and when should I use binary?

Many FTP client programs support and auto mode to detect the proper upload type based on file...