Yalme/php_cors_header_examples.php

## php_cors_header_examples.php
<?php

// if you want pass all
header('Access-Control-Allow-Origin: *');

// if you want limit by domain
header('Access-Control-Allow-Origin: https://domain.com');

// if you want limit by multiple domains
// list of allowed domains
$allowed_domains = array(
  'domain.com',
  'domain2.com'
);
// find out current incoming client
if (array_key_exists('HTTP_ORIGIN', $_SERVER)) {
  $origin = $_SERVER['HTTP_ORIGIN'];
} else if (array_key_exists('HTTP_REFERER', $_SERVER)) {
  $origin = $_SERVER['HTTP_REFERER'];
} else {
  $origin = $_SERVER['REMOTE_ADDR'];
}
// check if it matches
if (in_array($allowed_domains, $origin)) {
  header('Access-Control-Allow-Origin: ' . $origin);
}

?>
	<?php

	// if you want pass all
	header('Access-Control-Allow-Origin: *');

	// if you want limit by domain
	header('Access-Control-Allow-Origin: https://domain.com');

	// if you want limit by multiple domains
	// list of allowed domains
	$allowed_domains = array(
	'domain.com',
	'domain2.com'
	);
	// find out current incoming client
	if (array_key_exists('HTTP_ORIGIN', $_SERVER)) {
	$origin = $_SERVER['HTTP_ORIGIN'];
	} else if (array_key_exists('HTTP_REFERER', $_SERVER)) {
	$origin = $_SERVER['HTTP_REFERER'];
	} else {
	$origin = $_SERVER['REMOTE_ADDR'];
	}
	// check if it matches
	if (in_array($allowed_domains, $origin)) {
	header('Access-Control-Allow-Origin: ' . $origin);
	}

	?>