Set CORS header to Allow Access for any Incoming Domain

The following may be used to set to always set the CORS header for any incoming domains without using the wildcard and for setting headers particularly for the incoming domain name. This header set allows passing of the cookie and is quite open, modify it for your needs:

 

 SetEnvIf Origin ".*$" acaorigin=$0
 Header always set Access-Control-Allow-Origin %{acaorigin}e env=acaorigin
 Header always set Access-Control-Allow-Credentials true
 Header always set Access-Control-Allow-Headers: "DNT, X-CustomHeader, Keep-Alive, User-Agent, If-Modified-Since, Cache-Control, C$, Authorization, Origin, X-Requested-With, Content-Type, Accept"
 Header always set Access-Control-Allow-Methods: "PUT, GET, POST, OPTIONS, PATCH"
 Header always set Access-Control-Expose-Headers: "Content-Security-Policy, Location, Cache-Control, Content-Language, Content-Encoding, Content-Type, Expires, Last-Modified, Pragma"
 Header always set Access-Control-Max-Age "600" 
 Header merge Vary Origin

 

 

  • 4 Users Found This Useful

Was this answer helpful?

Related Articles

Adding a Facebook Button

Facebook has a wonderful page on adding a Facebook image to your website complete with...

When I upload an htaccess file it disappears

On unix/linux systems, files that start with a . are considered hidden so many ftp programs do...

osCommerce password reset

How to reset your osCommerce admin login... You can reset your osCommerce administrative login...

Unable to view Ultrawebhosting.com from my foreign browser

We are an American company based out of Seattle, WA. Our website is written in English as a...

Point Multiple Domains to the Same Website

Pointing other domains to your website is easy! Simply make sure their DNS settings are pointing...