This works on most of my servers to set up CORS:
<IfModule mod_headers.c>
Header always set Access-Control-Allow-Origin "https://cdpn.io"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
</IfModule>
This works on most of my servers to allow more than one domain:
<IfModule mod_headers.c>
SetEnvIf Origin "https?://(www.)?(cdpn.io|example.com)$" AccessControlAllowOrigin=$0
Header always set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
</IfModule>
I had one server, and cannot recall the operating system, but had to use a backslash before the "." in the line below. Due to security settings I cannot show the example, but you just place a backslash before each period:
SetEnvIf Origin "https?://(www.)?(cdpn.io|example.com)$"
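Added example (not part of the original post): a small Python check of which Origin values the SetEnvIf pattern above would allow, with and without the backslashes. The HARDENED pattern, the helper names and the sample origins are assumptions constructed for this example. Python's re module is used as a stand-in for Apache's PCRE, which treats these patterns the same way.

```python
import re

# Pattern exactly as posted in the SetEnvIf line: dots unescaped, no ^ anchor.
POSTED = r"https?://(www.)?(cdpn.io|example.com)$"
# Hardened form (assumption of this example): literal dots, anchored both ends.
HARDENED = r"^https?://(www\.)?(cdpn\.io|example\.com)$"


def allow_origin(pattern, origin):
    """Emulate SetEnvIf plus 'Header ... env=': SetEnvIf performs an
    unanchored regex search and $0 expands to the matched text.
    Returns the Access-Control-Allow-Origin value sent, or None."""
    m = re.search(pattern, origin)
    return m.group(0) if m else None


def browser_accepts(pattern, origin):
    """A browser honours the header only if it equals the request Origin."""
    return allow_origin(pattern, origin) == origin


# Constructed sample Origin values (not taken from the page).
SAMPLES = [
    "https://cdpn.io",          # intended
    "http://www.example.com",   # intended
    "https://wwwxcdpn.io",      # different registrable domain; "." matches "x"
    "https://wwwxexample.com",  # same problem for the second host
    "https://notcdpn.io",       # rejected: the scheme must directly precede the host
    "https://evil.test",        # unrelated origin
]


def audit(pattern):
    """Return the sample origins whose cross-origin reads would be allowed."""
    return [o for o in SAMPLES if browser_accepts(pattern, o)]


if __name__ == "__main__":
    for name, pat in (("posted", POSTED), ("hardened", HARDENED)):
        print(name)
        for origin in SAMPLES:
            verdict = "ALLOW" if browser_accepts(pat, origin) else "deny"
            print(f"  {verdict:5}  {origin}")
```

An unescaped "." matches any character on every server, so the backslash form is the one to deploy regardless of operating system.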