Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

handle multiple domains with Access-Control-Allow-Origin header in Apache

I want to configure apache for cross-domain access header. I have tried multiple combination as suggested on number of threads on the forum. But its not working for me.

The ways, I have tried:

1) Specify domain on different line as below with Header set :

Header set Access-Control-Allow-Origin "example1.com" Header set Access-Control-Allow-Origin "example2.com" Header set Access-Control-Allow-Origin: "example3.com" 

With this setup its picking only last one and ignore rest of all.

2) Specify domain on different line as below with Header add :

Header add Access-Control-Allow-Origin "example1.com" Header add Access-Control-Allow-Origin "example2.com" Header add Access-Control-Allow-Origin: "example3.com" 

With this its showing all three domains in header, but fonts are not getting picked up on Firefox.

3.) Tried Using SetEnvIf, but again its not working :

SetEnvIf Origin "http(s)?://(www\.)?(mydomain.com|mydomain2.com)$" AccessControlAllowOrigin=$0$1 Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin 

Finally working with "*", but I don't want to use this.

Please help with this.

like image 810
Kuldeep Avatar asked Dec 19 '13 05:12

Kuldeep


People also ask

Can you have multiple Access-Control allow Origin headers?

You can only have 1 host/domain in the Access-Control-Allow-Origin header in the response sent by IHS. If you want to be able to have a list of domains that you want to allow you need check the Origin header sent in the request and use some variables.

How do you add multiple domains in Access-Control allow origin?

Sounds like the recommended way to do it is to have your server read the Origin header from the client, compare that to the list of domains you would like to allow, and if it matches, echo the value of the Origin header back to the client as the Access-Control-Allow-Origin header in the response.


1 Answers

For 3 domains, in your .htaccess:

<IfModule mod_headers.c>     SetEnvIf Origin "http(s)?://(www\.)?(domain1.org|domain2.com|domain3.net)$" AccessControlAllowOrigin=$0$1     Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin     Header set Access-Control-Allow-Credentials true </IfModule> 

I've tried this and it works for me. Let me know if it doesn't for you.

like image 104
George Avatar answered Sep 28 '22 01:09

George