Menu
I want to configure apache to allow XMLHttpRequests from multiple, but not all domains.
This works:
Header set Access-Control-Allow-Origin "*"
But it's unsafe, I want to allow domains specified by me, so after a bit of googling I got to this:
Header set Access-Control-Allow-Origin "http://domain1.com http://domain2.com"
But this only picks up first domain, the second is not allowed. How to properly specify multiple domains?
831
More than one Access-Control-Allow-Origin header was sent by the server. This isn't allowed.
Simply add a header to your HttpServletResponse by calling addHeader : response. addHeader("Access-Control-Allow-Origin", "*");
Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any origins (domain, scheme, or port) other than its own from which a browser should permit loading resources.
you can use SetEnvIf in your .htaccess file or in in vhost file (inside "Directory" group):
<IfModule mod_headers.c>
SetEnvIfNoCase Origin "https?://(www\.)?(mydomain\.com|mydomain2\.com)(:\d+)?$" AccessControlAllowOrigin=$0
Header set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
</IfModule>
With this code you can allow access from
You can add multiple domains separated with | or you can use regexp to configure different subdomains or patterns.
193
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
