Last active
November 19, 2023 03:14
-
-
Save brianlmoon/2291111c5c69252c85f4 to your computer and use it in GitHub Desktop.
CORS example for Apache with multiple domains
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Sets CORS headers for request from example1.com and example2.com pages | |
| # for both SSL and non-SSL | |
| SetEnvIf Origin "^https?://[^/]*(example1|example2)\.com$" ORIGIN=$0 | |
| Header set Access-Control-Allow-Origin %{ORIGIN}e env=ORIGIN | |
| Header set Access-Control-Allow-Credentials "true" env=ORIGIN | |
| # Always set Vary: Origin when it's possible you may send CORS headers | |
| Header merge Vary Origin |
Hi,
I have not used Apache in years now. I would Google for "apache options cors". I switched to Nginx. I had to do some things in Nginx for OPTIONS headers so I am guessing Apache is the same. I am sure there is a solution. And if you find the solution, feel free to respond here with it.
Hi guys, this thread was really helpful,
The solution below works. The server is returning correct Access-Control-Allow-Origin header but status code of Preflight (OPTIONS method, before POST) request is still 403 (chrome)
Is there any solution for 403?
SetEnvIf Origin "^https?://[^/]*(example1|example2)\.com$" ORIGIN=$0 Header set Access-Control-Allow-Origin %{ORIGIN}e env=ORIGIN Header set Access-Control-Allow-Credentials "true" env=ORIGIN Header merge Vary Origin
Header always set Access-Control-Allow-Origin %{ORIGIN}e env=ORIGIN
Thank you. This did it.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi guys,
this thread was really helpful,
The solution below works. The server is returning correct Access-Control-Allow-Origin header but status code of Preflight (OPTIONS method, before POST) request is still 403 (chrome)
Is there any solution for 403?