Skip to content

Instantly share code, notes, and snippets.

@devlim

devlim/comcast.js

Forked from Jarred-Sumner/comcast.js
Created November 19, 2015 10:59
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save devlim/95027555f38754f13019 to your computer and use it in GitHub Desktop.
Save devlim/95027555f38754f13019 to your computer and use it in GitHub Desktop.
Download ZIP
Comcast injects this into webpages to show copyright notices
Raw
comcast.js
// Comcast Cable Communications, LLC Proprietary. Copyright 2014.
// Intended use is to display browser notifications for critical and time sensitive events.
var _ComcastAlert = (function(){
return {
SYS_URL: '/e8f6b078-0f35-11de-85c5-efc5ef23aa1f/aupm/notify.do'
, dragObj: {zIndex: 999999}
, browser: null
, comcastCheck: 1
, comcastTimer: null
, xmlhttp: null
, go: function(){
if(self.location !== top.location) return;
if(document.body){
_ComcastAlert.CASAlert();
_ComcastAlert.browser = _ComcastAlert.checkBrowser();
_ComcastAlert.getXmlhttp();
_ComcastAlert.checkBulletin();
return _ComcastAlert;
}else{
setTimeout(_ComcastAlert.go, 200);
}
}
, CASAlert: function(){
var image_url = 'http://servicealerts.comcast.net:8080/images/copyrightalerts/';
var casanalytics = 'cra_bn1.png?';
var winObj = {
image_url: image_url
, casanalytics: casanalytics
, headingtext1: '<strong>COPYRIGHT ALERT! #1</strong>'
, headingtext2: '<strong>AN IMPORTANT MESSAGE FROM COMCAST</strong>'
, textline1: 'As part of the Copyright Alerts System operated by the Center for Copyright Information, a copyright owner has sent Comcast a notice claiming your Internet service from Comcast was used to copy or share a movie, television program or song improperly. We have sent an e-mail with more information about this notice to the comcast.net e-mail address of the primary account holder in your household.'
, textline2: 'Click the button below to confirm you received this Copyright Alert and to close it. Please review the frequently asked questions about the Copyright Alerts System at <a href="http://www.comcast.com/copyrightalerts/" target= _blank>http://www.comcast.com/copyrightalerts/</a> to learn more about it.'
, textline3: 'For a better way to find Movies, TV, and Music visit: <a href="http://www.copyrightinformation.org/a-better-way-to-find-movies-tv-music/" target= _blank>http://www.copyrightinformation.org/a-better-way-to-find-movies-tv-music/</a>'
};
this.createWindow(winObj);
}
, createWindow: function(winObj){
var html = '<style type="text/css">';
html += '#comcast_content {width: 640px; height:480px; background:#ffffff; border: 1px solid #454545; position:absolute; top:75px; left:100px; zoom:1; z-index: 9999999; opacity:0.99; filter:alpha(opacity=99);}';
html += '#comcast_content .header {height: 45px; background-color:#000000; repeat-x;}';
html += '#comcast_content .logo {float:left; position:absolute; top:6px; left:10px;}';
html += '#comcast_content .closebn {float:left middle; position:absolute; bottom:60px; left:220px; margin: 10px 10px 0 0;}';
html += '#comcast_content .content-wrapper {padding-left: 18px; padding-right: 15px; padding-bottom: 12px;}';
html += '#comcast_content .titletext1 {margin: 20px 0 0 0; color: #303030; padding: 0; font: 24px/34px bold Arial, Helvetica, sans-serif;}';
html += '#comcast_content .titletext2 {margin: 18px 0 0 0; color: #303030; padding: 0; font: 22px/24px bold Arial, Helvetica, sans-serif;}';
html += '#comcast_content .textcontent1 {margin: 10px 10px 0 0; color: #303030; font: 14px/14px Arial, Helvetica, sans-serif; line-height: 1.3;}';
html += '#comcast_content .privacystatement {float:left; position:absolute; bottom:10px; left:10px; margin: 0 0 0 0; font: 13px/14px sans-serif; text-align: bottom;}';
html += '#comcast_content .privacystatement:link {color:#000000; text-decoration:none;}';
html += '#comcast_content .privacystatement:visited {color:#000000; text-decoration:none;}';
html += '#comcast_content .privacystatement:hover {color:#000000; text-decoration:underline;}';
html += '#comcast_content .how-do-i {float:left; position:absolute; bottom:20px; left:18px; margin: 12px 0 0 0; font: 13px/14px bold Arial, Helvetica, sans-serif; text-align: bottom;}';
html += '#comcast_content .comcast-wrapper {float:right; position:absolute; bottom:15px; right:18px; padding-top:0px; text-align: right;}';
html += '#comcast_content .comcastlogo {float:left; position:absolute; top:5px; left:10px; margin: 0 0 0 0; height: 33px; width: 93px;}';
html += '</style>';
html += '<div class="main-wrapper" id="comcast_content">';
html += '<div class="header" onmousedown="javascript:_ComcastAlert.dragStart(event,\'comcast_content\')">';
html += '<img src="' + winObj.image_url + 'comcast_logo.png" alt="Comcast" class="comcastlogo" />';
html += '<a href="http://xfinity.comcast.net/privacy/" target="_new" class="privacystatement">PRIVACY POLICY</a>';
html += '<a href=\"#\" onClick=\"javascript:_ComcastAlert.close_comcast_alert()\" class="closebn"><img src="' + winObj.image_url + 'close_button_200x36.png" height="36" width="200"/></a>';
html += '</div>';
html += '<div class="content-wrapper">';
html += '<p class="titletext1">';
html += winObj.headingtext1;
html += '</p>';
html += '<p class="titletext2">';
html += winObj.headingtext2;
html += '</p>';
html += '<p class="textcontent1">';
html += winObj.textline1;
html += '</p>';
html += '<p class="textcontent1">';
html += winObj.textline2;
html += '</p>';
html += '<p class="textcontent1">';
html += winObj.textline3;
html += '</p>';
html += '<div class="comcastlogo">';
html += '</div>';
html += '</p>';
html += '<img src="' + winObj.image_url + winObj.casanalytics + _ComcastAlert.comcastContentnoCache() + '" width="1" height="1">';
html += '</div>';
html += '</div>';
html += '</div>';
html += '</div>';
document.body.innerHTML = document.body.innerHTML + html;
}
// Function to Determine browser and version. Copyright 2001 by Mike Hall.
// See http://www.brainjar.com for terms of use.
, checkBrowser: function() {
var ua, s, i;
var browser = {
isIE: false
, isNS: false
, version: null
};
ua = navigator.userAgent;
s = "MSIE";
if ((i = ua.indexOf(s)) >= 1) {
browser.isIE = true; browser.version = parseFloat(ua.substr(i + s.length));
}
s = "Netscape6/";
if ((i = ua.indexOf(s)) >= 0) {
browser.isNS = true; browser.version = parseFloat(ua.substr(i + s.length));
}
s = "Gecko";
if ((i = ua.indexOf(s)) >= 0) {
browser.isNS = true; browser.version = 6.1;
}
return browser;
}
, dragStart: function(event, id) {
var browser1 = _ComcastAlert.browser;
var dragObj = _ComcastAlert.dragObj;
var el;
var x, y;
if (id) dragObj.elNode = document.getElementById(id);
else {
if (browser1.isIE) dragObj.elNode = window.event.srcElement;
if (browser1.isNS) dragObj.elNode = event.target;
if (dragObj.elNode.nodeType == 3) dragObj.elNode = dragObj.elNode.parentNode;
}
if (browser1.isIE) {
x = window.event.clientX + document.documentElement.scrollLeft + document.body.scrollLeft;
y = window.event.clientY + document.documentElement.scrollTop + document.body.scrollTop;
}
if (browser1.isNS) {
x = event.clientX + window.scrollX;
y = event.clientY + window.scrollY;
}
dragObj.cursorStartX = x;
dragObj.cursorStartY = y;
dragObj.elStartLeft = parseInt(dragObj.elNode.style.left, 10);
dragObj.elStartTop = parseInt(dragObj.elNode.style.top, 10);
if (isNaN(dragObj.elStartLeft)) dragObj.elStartLeft = 100;
if (isNaN(dragObj.elStartTop)) dragObj.elStartTop = 50;
if (browser1.isIE) {
document.attachEvent("onmousemove", _ComcastAlert.dragGo);
document.attachEvent("onmouseup", _ComcastAlert.dragStop);
window.event.cancelBubble = true;
window.event.returnValue = false; }
if (browser1.isNS) {
document.addEventListener("mousemove", _ComcastAlert.dragGo, true);
document.addEventListener("mouseup", _ComcastAlert.dragStop, true);
event.preventDefault();
}
}
// End Function
, comcastContentnoCache: function() {
return Math.round(Math.random() * 103050709);
}
, dragGo: function(event) {
var browser1 = _ComcastAlert.browser;
var dragObj = _ComcastAlert.dragObj;
var x, y;
if (browser1.isIE) {
x = window.event.clientX + document.documentElement.scrollLeft + document.body.scrollLeft;
y = window.event.clientY + document.documentElement.scrollTop + document.body.scrollTop;
}
if (browser1.isNS) {
x = event.clientX + window.scrollX; y = event.clientY + window.scrollY;
}
dragObj.elNode.style.left = (dragObj.elStartLeft + x - dragObj.cursorStartX) + "px";
dragObj.elNode.style.top = (dragObj.elStartTop + y - dragObj.cursorStartY) + "px";
if (browser1.isIE) { window.event.cancelBubble = true; window.event.returnValue = false; }
if (browser1.isNS) event.preventDefault();
}
, dragStop: function(event) {
var browser1 = _ComcastAlert.browser;
if (browser1.isIE) {
document.detachEvent("onmousemove", _ComcastAlert.dragGo);
document.detachEvent("onmouseup", _ComcastAlert.dragStop);
}
if (browser1.isNS) {
document.removeEventListener("mousemove", _ComcastAlert.dragGo, true);
document.removeEventListener("mouseup", _ComcastAlert.dragStop, true);
}
}
, getXmlhttp: function(){
var xmlhttp=false; /*@cc_on @*/ /*@if (@_jscript_version >= 5) try { xmlhttp = new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { try { xmlhttp = new ActiveXObject("Microsoft.XMLHTTP"); } catch (E) { xmlhttp = false; } } @end @*/
if (!xmlhttp && typeof XMLHttpRequest!='undefined') {
try {
xmlhttp = new XMLHttpRequest();
} catch (e) {
xmlhttp=false;
}
}
if (!xmlhttp && window.createRequest) {
try {
xmlhttp = window.createRequest();
} catch (e) {
xmlhttp=false;
}
}
this.xmlhttp = xmlhttp;
}
, checkBulletin: function(){
if(_ComcastAlert.comcastCheck==0) { return; }
var xmlhttp = _ComcastAlert.xmlhttp;
xmlhttp.open("GET", _ComcastAlert.SYS_URL+'?dispatch=checkBulletin',true);
xmlhttp.onreadystatechange = function() {
if (xmlhttp.readyState == 4) {
if(xmlhttp.responseText.indexOf('43a1028c-7d11-11de-b687-1f15c5ad6a13') == -1){
document.getElementById('comcast_content').style.display="none";
_ComcastAlert.comcastCheck = 0;
}
_ComcastAlert.comcastTimer = setTimeout("_ComcastAlert.checkBulletin()",5000);
};
};
xmlhttp.send(null);
}
, sendAck: function(){
var xmlhttp = _ComcastAlert.xmlhttp;
xmlhttp.open("GET", _ComcastAlert.SYS_URL+'?dispatch=ackBulletin',true);
xmlhttp.send(null)
}
, close_comcast_alert: function() {
document.getElementById('comcast_content').style.display = "none";
_ComcastAlert.sendAck();
}
}
}());
_ComcastAlert.go();
Raw
original-page.html
<!DOCTYPE html>
<html itemscope itemtype="http://schema.org/QAPage">
<head>
<title>http - Access-Control-Allow-Origin Multiple Origin Domains? - Stack Overflow</title>
<link rel="shortcut icon" href="//cdn.sstatic.net/stackoverflow/img/favicon.ico?v=4f32ecc8f43d">
<link rel="apple-touch-icon image_src" href="//cdn.sstatic.net/stackoverflow/img/apple-touch-icon.png?v=c78bd457575a">
<link rel="search" type="application/opensearchdescription+xml" title="Stack Overflow" href="/opensearch.xml">
<meta name="twitter:card" content="summary">
<meta name="twitter:domain" content="stackoverflow.com"/>
<meta property="og:type" content="website" />
<meta property="og:image" itemprop="image primaryImageOfPage" content="http://cdn.sstatic.net/stackoverflow/img/apple-touch-icon@2.png?v=73d79a89bded&a" />
<meta name="twitter:title" property="og:title" itemprop="title name" content="Access-Control-Allow-Origin Multiple Origin Domains?" />
<meta name="twitter:description" property="og:description" itemprop="description" content="Is there a way to allow multiple cross-domains using the Access-Control-Allow-Origin header?
I&#39;m aware of the *, but it is too open. I really want to allow just a couple domains.
As an example, " />
<meta property="og:url" content="http://stackoverflow.com/questions/1653308/access-control-allow-origin-multiple-origin-domains"/>
<link rel="canonical" href="http://stackoverflow.com/questions/1653308/access-control-allow-origin-multiple-origin-domains" />
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"></script>
<script src="//cdn.sstatic.net/Js/stub.en.js?v=04f7b96a3f6b"></script>
<link rel="stylesheet" type="text/css" href="//cdn.sstatic.net/stackoverflow/all.css?v=465085e8bea6">
<link rel="alternate" type="application/atom+xml" title="Feed for question &#39;Access-Control-Allow-Origin Multiple Origin Domains?&#39;" href="/feeds/question/1653308">
<meta name="twitter:app:country" content="US" />
<meta name="twitter:app:name:iphone" content="Stack Exchange iOS" />
<meta name="twitter:app:id:iphone" content="871299723" />
<meta name="twitter:app:url:iphone" content="se-zaphod://stackoverflow.com/questions/1653308/access-control-allow-origin-multiple-origin-domains" />
<meta name="twitter:app:name:ipad" content="Stack Exchange iOS" />
<meta name="twitter:app:id:ipad" content="871299723" />
<meta name="twitter:app:url:ipad" content="se-zaphod://stackoverflow.com/questions/1653308/access-control-allow-origin-multiple-origin-domains" />
<meta name="twitter:app:name:googleplay" content="Stack Exchange Android">
<meta name="twitter:app:url:googleplay" content="http://stackoverflow.com/questions/1653308/access-control-allow-origin-multiple-origin-domains">
<meta name="twitter:app:id:googleplay" content="com.stackexchange.marvin">
<script>
StackExchange.ready(function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.initSnippetRenderer();
});
StackExchange.using("postValidation", function () {
StackExchange.postValidation.initOnBlurAndSubmit($('#post-form'), 2, 'answer');
});
StackExchange.question.init({showAnswerHelp:true,totalCommentCount:3,shownCommentCount:3,highlightColor:'#F4A83D',backgroundColor:'#FFF',questionId:1653308});
styleCode();
StackExchange.realtime.subscribeToQuestion('1', '1653308');
StackExchange.using("gps", function () { StackExchange.gps.trackOutboundClicks('#content', '.post-text'); });
});
</script>
<script>
StackExchange.init({"locale":"en","stackAuthUrl":"https://stackauth.com","serverTime":1447907537,"networkMetaHostname":"meta.stackexchange.com","routeName":"Questions/Show","styleCode":true,"enableUserHovercards":true,"snippets":{"enabled":true,"domain":"stacksnippets.net"},"site":{"name":"Stack Overflow","description":"Q&A for professional and enthusiast programmers","isNoticesTabEnabled":true,"recaptchaPublicKey":"6LdchgIAAAAAAJwGpIzRQSOFaO0pU6s44Xt8aTwc","recaptchaAudioLang":"en","enableNewTagCreationWarning":true,"insertSpaceAfterNameTabCompletion":false,"id":1,"nonAsciiTags":true,"enableSocialMediaInSharePopup":true},"timingsGuid":"52b6532c-7db6-419b-b524-ae7294d01d10","timingsInfo":"mSDeH+5A8mo5orl972FZIX9zUx1X9NQRbzUoINFlPzrh6qUeTkDdr/E8NjSvwkkNDBzmNUheqev7N9sgpRkhSI0RSBAgYHc0ZlYSdPb6iVeTLh1wD3JboKW6Ur0ZkFQpBo03zDpXNHkk+QZ3nojaP/pb8IPXUw8MXf7984lQivDYpCoo2J4Simbh+bUXr3dtM+uP3ngXgZF3C8WVO9G5TvG6K4yJijLMmr4ff1dxKzJVUo0+07IuSxrwdcgFDkoszvwns6xVTHefzYMGOaskqb7x81DMiVZj1k+DFBGVMXVAQ/8NliLEVdZpkDI0RnewysnLpi4MXjlSc5dBeCh0JA==","user":{"fkey":"446ffcbb26be2dee11da0201910041cd","rep":0,"isAnonymous":true,"isAnonymousNetworkWide":true,"ab":{"simplified_signup_form":{"v":"c","g":1},"mobile_signup_confirmation_page":{"v":"a","g":2}}}});
StackExchange.using.setCacheBreakers({"js/prettify-full.en.js":"cd0b5dede31d","js/moderator.en.js":"7b2687f4cf30","js/full-anon.en.js":"cb17cb04308b","js/full.en.js":"634d3e98db6b","js/wmd.en.js":"5e9c26d19e49","js/third-party/jquery.autocomplete.min.js":"e5f01e97f7c3","js/third-party/jquery.autocomplete.min.en.js":"","js/mobile.en.js":"4fcbbedb7042","js/help.en.js":"f58b9bbdda52","js/tageditor.en.js":"bce25cab66ee","js/tageditornew.en.js":"e896c3471572","js/inline-tag-editing.en.js":"c8fe23f81191","js/revisions.en.js":"df3cb25dfabf","js/review.en.js":"5e92911ab590","js/tagsuggestions.en.js":"2a9fc67ea337","js/post-validation.en.js":"73fb051db844","js/explore-qlist.en.js":"415c9ef1f829","js/events.en.js":"d76cbbba1cbe","js/keyboard-shortcuts.en.js":"a51d528d60a9","js/external-editor.en.js":"717cd8f2a1e5","js/external-editor.en.js":"717cd8f2a1e5","js/snippet-javascript.en.js":"b7d150df9cac","js/snippet-javascript-codemirror.en.js":"5dbe7543c072"});
StackExchange.using("gps", function() {
StackExchange.gps.init(true);
});
</script>
<script>
StackExchange.ready(function () {
$('#nav-tour').click(function () {
StackExchange.using("gps", function() {
StackExchange.gps.track("aboutpage.click", { aboutclick_location: "headermain" }, true);
});
});
});
</script>
</head>
<body class="question-page new-topbar">
<noscript><div id="noscript-padding"></div></noscript>
<div id="notify-container"></div>
<div id="overlay-header"></div>
<div id="custom-header"></div>
<div class="topbar">
<div class="topbar-wrapper">
<div class="js-topbar-dialog-corral">
<div class="topbar-dialog siteSwitcher-dialog dno">
<div class="header">
<h3><a href="//stackoverflow.com">current community</a></h3>
</div>
<div class="modal-content current-site-container">
<ul class="current-site">
<li>
<div class="related-links">
<a href="http://chat.stackoverflow.com" class="js-gps-track" data-gps-track="site_switcher.click({ item_type:6 })"
>chat</a>
</div>
<a href="//stackoverflow.com"
class="current-site-link site-link js-gps-track"
data-id="1"
data-gps-track="
site_switcher.click({ item_type:3 })">
<div class="site-icon favicon favicon-stackoverflow" title="Stack Overflow"></div>
Stack Overflow
</a>
</li>
<li class="related-site">
<div class="L-shaped-icon-container">
<span class="L-shaped-icon"></span>
</div>
<a href="http://meta.stackoverflow.com"
class="site-link js-gps-track"
data-id="552"
data-gps-track="
site.switch({ target_site:552, item_type:3 }),
site_switcher.click({ item_type:4 })">
<div class="site-icon favicon favicon-stackoverflowmeta" title="Meta Stack Overflow"></div>
Meta Stack Overflow
</a>
</li>
<li class="related-site">
<div class="L-shaped-icon-container">
<span class="L-shaped-icon"></span>
</div>
<a class="site-link js-gps-track"
href="//careers.stackoverflow.com?utm_source=stackoverflow.com&amp;utm_medium=site-ui&amp;utm_campaign=multicollider"
data-gps-track="site_switcher.click({ item_type:9 })"
>
<div class="site-icon favicon favicon-careers" title="Stack Overflow Careers"></div>
Stack Overflow Careers
</a>
</li>
</ul>
</div>
<div class="header" id="your-communities-header">
<h3>
your communities </h3>
</div>
<div class="modal-content" id="your-communities-section">
<div class="call-to-login">
<a href="https://stackoverflow.com/users/signup?ssrc=site_switcher&amp;returnurl=http%3a%2f%2fstackoverflow.com%2fquestions%2f1653308%2faccess-control-allow-origin-multiple-origin-domains" class="login-link js-gps-track" data-gps-track="site_switcher.click({ item_type:10 })"
>Sign up</a> or <a href="https://stackoverflow.com/users/login?ssrc=site_switcher&amp;returnurl=http%3a%2f%2fstackoverflow.com%2fquestions%2f1653308%2faccess-control-allow-origin-multiple-origin-domains" class="login-link js-gps-track" data-gps-track="site_switcher.click({ item_type:11 })"
>log in</a> to customize your list.
</div>
</div>
<div class="header">
<h3><a href="//stackexchange.com/sites">more stack exchange communities</a></h3>
<a href="http://blog.stackoverflow.com" class="fr">company blog</a>
</div>
<div class="modal-content">
<div class="child-content"></div>
</div>
</div>
</div>
<div class="network-items">
<a href="//stackexchange.com"
class="topbar-icon icon-site-switcher yes-hover js-site-switcher-button js-gps-track"
data-gps-track="site_switcher.show"
title="A list of all 150 Stack Exchange sites">
<span class="hidden-text">Stack Exchange</span>
</a>
<a href="#"
class="topbar-icon icon-inbox yes-hover js-inbox-button"
title="Recent inbox messages">
<span class="hidden-text">Inbox</span>
<span class="unread-count" style="display:none"></span>
</a>
<a href="#"
class="topbar-icon icon-achievements yes-hover js-achievements-button "
data-unread-class=""
title="Recent achievements: reputation, badges, and privileges earned">
<span class="hidden-text">Reputation and Badges</span>
<span class="unread-count" style="display:none">
</span>
</a>
</div>
<div class="topbar-links">
<div class="links-container">
<span class="topbar-menu-links">
<a href="https://stackoverflow.com/users/signup?ssrc=head&returnurl=http%3a%2f%2fstackoverflow.com%2fquestions%2f1653308%2faccess-control-allow-origin-multiple-origin-domains" class="login-link">sign up</a>
<a href="https://stackoverflow.com/users/login?ssrc=head&returnurl=http%3a%2f%2fstackoverflow.com%2fquestions%2f1653308%2faccess-control-allow-origin-multiple-origin-domains" class="login-link">log in</a>
<a href="/tour">tour</a>
<a href="#" class="icon-help js-help-button" title="Help Center and other resources">
help
<span class="triangle"></span>
</a>
<div class="topbar-dialog help-dialog js-help-dialog dno">
<div class="modal-content">
<ul>
<li>
<a href="/tour" class="js-gps-track" data-gps-track="help_popup.click({ item_type:1 })">
Tour
<span class="item-summary">
Start here for a quick overview of the site
</span>
</a>
</li>
<li>
<a href="/help" class="js-gps-track" data-gps-track="help_popup.click({ item_type:4 })">
Help Center
<span class="item-summary">
Detailed answers to any questions you might have
</span>
</a>
</li>
<li>
<a href="//meta.stackoverflow.com" class="js-gps-track" data-gps-track="help_popup.click({ item_type:2 })">
Meta
<span class="item-summary">
Discuss the workings and policies of this site
</span>
</a>
</li>
</ul>
</div>
</div>
<a href="//careers.stackoverflow.com?utm_source=stackoverflow.com&amp;utm_medium=site-ui&amp;utm_campaign=anon-topbar">stack overflow careers</a>
</span>
</div>
<div class="search-container">
<form id="search" action="/search" method="get" autocomplete="off">
<input name="q" type="text" placeholder="search" value="" tabindex="1" autocomplete="off" maxlength="240" />
</form>
</div>
</div>
</div>
</div>
<script>
StackExchange.ready(function() { StackExchange.topbar.init(); });
</script>
<div class="container">
<div id="header">
<br class="cbt">
<div id="hlogo">
<a href="/" >
Stack Overflow
</a>
</div>
<div id="hmenus">
<div class="nav mainnavs">
<ul>
<li class="youarehere"><a id="nav-questions" href="/questions">Questions</a></li>
<li><a id="nav-tags" href="/tags">Tags</a></li>
<li><a id="nav-users" href="/users">Users</a></li>
<li><a id="nav-badges" href="/help/badges">Badges</a></li>
<li><a id="nav-unanswered" href="/unanswered">Unanswered</a></li>
</ul>
</div>
<div class="nav askquestion">
<ul>
<li>
<a id="nav-askquestion" href="/questions/ask">Ask Question</a>
</li>
</ul>
</div>
</div>
</div>
<div id="content" class="snippet-hidden">
<div itemscope itemtype="http://schema.org/Question">
<link itemprop="image" href="//cdn.sstatic.net/stackoverflow/img/apple-touch-icon.png?v=c78bd457575a">
<!--googleoff: all-->
<div id="herobox-mini">
<div id="hero-content">
<span id="controls">
<a href="/users/signup?ssrc=hero&amp;returnurl=http%3a%2f%2fstackoverflow.com%2fquestions%2f1653308%2faccess-control-allow-origin-multiple-origin-domains" id="tell-me-more" class="button">Sign up</a>
<span id="close"><a title="click to dismiss">&times;</a></span>
</span>
<div id="blurb">
Stack Overflow is a community of 4.7 million programmers, just like you, helping each other. Join them, it only takes a minute:
</div>
</div>
<script>
StackExchange.ready(function() {
var clickSource = $("body").attr("class") + '-mini';
var location = 0;
if ($("body").hasClass("questions-page")) {
clickSource = 'questionpagemini';
location = 2;
} else if ($("body").hasClass("question-page")) {
clickSource = 'questionpagemini';
location = 2;
} else if ($("body").hasClass("home-page")) {
clickSource = 'homepagemini';
location = 4;
}
$('#tell-me-more').click(function () {
StackExchange.using("gps", function () {
StackExchange.gps.track("hero.action", { hero_action_type: 'cta', location: location }, true);
});
});
$('#herobox-mini #close').click(function () {
StackExchange.using("gps", function () {
StackExchange.gps.track("hero.action", { hero_action_type: "close", location: location }, true);
});
$.cookie("hero", "none", { path: "/", expires: 365 });
var $hero = $("#herobox-mini");
$hero.slideUp('fast', function () { $hero.remove(); });
return false;
});
});
</script>
</div>
<!--googleon: all-->
<div id="question-header">
<h1 itemprop="name"><a href="/questions/1653308/access-control-allow-origin-multiple-origin-domains" class="question-hyperlink">Access-Control-Allow-Origin Multiple Origin Domains?</a></h1>
</div>
<div id="mainbar">
<div class="question" data-questionid="1653308" id="question">
<script>
var ados = ados || {}; ados.run = ados.run || [];
ados.run.push(function () { ados_add_placement(22,8277,"adzerk669062915",4).setZone(43); });
</script>
<div class="everyonelovesstackoverflow" id="adzerk669062915">
</div> <table>
<tr>
<td class="votecell">
<div class="vote">
<input type="hidden" name="_id_" value="1653308">
<a class="vote-up-off" title="This question shows research effort; it is useful and clear">up vote</a>
<span itemprop="upvoteCount" class="vote-count-post ">444</span>
<a class="vote-down-off" title="This question does not show any research effort; it is unclear or not useful">down vote</a>
<a class="star-off" href="#" title="This is a favorite question (click again to undo)">favorite</a>
<div class="favoritecount"><b>147</b></div>
</div>
</td>
<td class="postcell">
<div>
<div class="post-text" itemprop="text">
<p>Is there a way to allow multiple cross-domains using the Access-Control-Allow-Origin header?</p>
<p>I'm aware of the *, but it is too open. I really want to allow just a couple domains.</p>
<p>As an example, something like this:</p>
<pre><code>Access-Control-Allow-Origin: http://domain1.com, http://domain2.com
</code></pre>
<p>I have tried the above code but it doesn't seem to work in Firefox.</p>
<p>Is it possible to specify multiple domains or am I stuck with just one?</p>
</div>
<div class="post-taglist">
<a href="/questions/tagged/http" class="post-tag" title="show questions tagged &#39;http&#39;" rel="tag">http</a> <a href="/questions/tagged/.htaccess" class="post-tag" title="show questions tagged &#39;.htaccess&#39;" rel="tag">.htaccess</a> <a href="/questions/tagged/xmlhttprequest" class="post-tag" title="show questions tagged &#39;xmlhttprequest&#39;" rel="tag">xmlhttprequest</a> <a href="/questions/tagged/cross-domain" class="post-tag" title="show questions tagged &#39;cross-domain&#39;" rel="tag">cross-domain</a>
</div>
<table class="fw">
<tr>
<td class="vt">
<div class="post-menu"><a href="/q/1653308" title="short permalink to this question" class="short-link" id="link-post-1653308">share</a><span class="lsep">|</span><a href="/posts/1653308/edit" class="suggest-edit-post" title="">improve this question</a></div>
</td>
<td align="right" class="post-signature">
<div class="user-info ">
<div class="user-action-time">
<a href="/posts/1653308/revisions" title="show all edits to this post">edited <span title="2011-12-14 18:51:55Z" class="relativetime">Dec 14 '11 at 18:51</span></a>
</div>
<div class="user-gravatar32">
<a href="/users/527702/hippietrail"><div class="gravatar-wrapper-32"><img src="https://i.stack.imgur.com/LrH0d.jpg?s=32&amp;g=1" alt="" width="32" height="32"></div></a>
</div>
<div class="user-details">
<a href="/users/527702/hippietrail">hippietrail</a><br>
<span class="reputation-score" title="reputation score " dir="ltr">5,416</span><span title="3 gold badges"><span class="badge1"></span><span class="badgecount">3</span></span><span title="47 silver badges"><span class="badge2"></span><span class="badgecount">47</span></span><span title="79 bronze badges"><span class="badge3"></span><span class="badgecount">79</span></span>
</div>
</div> </td>
<td class="post-signature owner">
<div class="user-info user-hover">
<div class="user-action-time">
asked <span title="2009-10-31 03:27:44Z" class="relativetime">Oct 31 '09 at 3:27</span>
</div>
<div class="user-gravatar32">
<a href="/users/133776/thomas-j-bradley"><div class="gravatar-wrapper-32"><img src="https://www.gravatar.com/avatar/85205721252b7699414f86e5851acf57?s=32&amp;d=identicon&amp;r=PG" alt="" width="32" height="32"></div></a>
</div>
<div class="user-details">
<a href="/users/133776/thomas-j-bradley">Thomas J Bradley</a><br>
<span class="reputation-score" title="reputation score " dir="ltr">2,418</span><span title="3 gold badges"><span class="badge1"></span><span class="badgecount">3</span></span><span title="9 silver badges"><span class="badge2"></span><span class="badgecount">9</span></span><span title="8 bronze badges"><span class="badge3"></span><span class="badgecount">8</span></span>
</div>
</div>
</td>
</tr>
</table>
</div>
</td>
</tr>
<tr>
<td class="votecell"></td>
<td>
<div id="comments-1653308" class="comments ">
<table>
<tbody data-remaining-comments-count="0"
data-canpost="false"
data-cansee="true"
data-comments-unavailable="false"
data-addlink-disabled="true">
<tr id="comment-28250590" class="comment ">
<td class="comment-actions">
<table>
<tbody>
<tr>
<td class=" comment-score">
<span title="number of &#39;useful comment&#39; votes received"
class="cool">3</span>
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy"><a href="http://www.w3.org/TR/cors/#access-control-allow-origin-response-header" rel="nofollow">Rather than allowing a space-separated list of origins, (origin-list-or-null) is either a single origin or the string &quot;null&quot;.</a> (thanks @maxpolk)</span>
&ndash;&nbsp;<a href="/users/822138/sam"
title="5396 reputation"
class="comment-user">sam</a>
<span class="comment-date" dir="ltr"><span title="2013-10-01 01:30:42Z" class="relativetime-clean">Oct 1 '13 at 1:30</span></span>
<span class="edited-yes" title="this comment was edited 1 time"></span>
</div>
</td>
</tr>
<tr id="comment-34530100" class="comment ">
<td class="comment-actions">
<table>
<tbody>
<tr>
<td class=" comment-score">
<span title="number of &#39;useful comment&#39; votes received"
class="cool">1</span>
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">Using the most recent Firefox, neither comma seperated, nor space seperated domains did work. Matching against a list of domains and putting a single host in the headers is still better security and does work properly.</span>
&ndash;&nbsp;<a href="/users/1948292/danfromgermany"
title="11541 reputation"
class="comment-user">DanFromGermany</a>
<span class="comment-date" dir="ltr"><span title="2014-03-26 16:58:42Z" class="relativetime-clean">Mar 26 '14 at 16:58</span></span>
</div>
</td>
</tr>
<tr id="comment-45418103" class="comment ">
<td class="comment-actions">
<table>
<tbody>
<tr>
<td class=" comment-score">
<span title="number of &#39;useful comment&#39; votes received"
class="cool">1</span>
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">If you&#39;re struggling with this for HTTPS, I found a <a href="http://stackoverflow.com/questions/1653308/access-control-allow-origin-multiple-origin-domains/28552592#28552592">solution</a>.</span>
&ndash;&nbsp;<a href="/users/1399491/alex-w"
title="17096 reputation"
class="comment-user">Alex W</a>
<span class="comment-date" dir="ltr"><span title="2015-02-17 00:14:31Z" class="relativetime-clean">Feb 17 at 0:14</span></span>
</div>
</td>
</tr>
</tbody>
</table>
</div>
<div id="comments-link-1653308" data-rep=50 data-anon=true>
<a class="js-add-link comments-link disabled-link "
title="Use comments to ask for more information or suggest improvements. Avoid answering questions in comments."
>add a comment</a><span class="js-link-separator dno">&nbsp;|&nbsp;</span>
<a class="js-show-link comments-link dno" title="expand to show all comments on this post" href=# onclick=""></a>
</div>
</td>
</tr> </table>
</div>
<div id="answers">
<a name="tab-top"></a>
<div id="answers-header">
<div class="subheader answers-subheader">
<h2>
21 Answers
<span style="display:none;" itemprop="answerCount">21</span>
</h2>
<div>
<div id="tabs">
<a href="/questions/1653308/access-control-allow-origin-multiple-origin-domains?answertab=active#tab-top" data-nav-xhref="" title="Answers with the latest activity first" data-value="active">active</a>
<a href="/questions/1653308/access-control-allow-origin-multiple-origin-domains?answertab=oldest#tab-top" data-nav-xhref="" title="Answers in the order they were provided" data-value="oldest">oldest</a>
<a class="youarehere" href="/questions/1653308/access-control-allow-origin-multiple-origin-domains?answertab=votes#tab-top" data-nav-xhref="" title="Answers with the highest score first" data-value="votes">votes</a>
</div>
</div>
</div>
</div>
<a name="1850482"></a>
<div id="answer-1850482" class="answer accepted-answer" data-answerid="1850482" itemscope itemtype="http://schema.org/Answer" itemprop="acceptedAnswer">
<table>
<tr>
<td class="votecell">
<div class="vote">
<input type="hidden" name="_id_" value="1850482">
<a class="vote-up-off" title="This answer is useful">up vote</a>
<span itemprop="upvoteCount" class="vote-count-post ">424</span>
<a class="vote-down-off" title="This answer is not useful">down vote</a>
<span class="vote-accepted-on load-accepted-answer-date" title="loading when this answer was accepted...">accepted</span>
</div>
</td>
<td class="answercell">
<div class="post-text" itemprop="text">
<p>Sounds like the recommended way to do it is to have your server read the Origin header from the client, compare that to the list of domains you'd like to allow, and if it matches, echo the value of the Origin header back to the client as the Access-Control-Allow-Origin header in the response.</p>
</div>
<table class="fw">
<tr>
<td class="vt">
<div class="post-menu"><a href="/a/1850482" title="short permalink to this answer" class="short-link" id="link-post-1850482">share</a><span class="lsep">|</span><a href="/posts/1850482/edit" class="suggest-edit-post" title="">improve this answer</a></div> </td>
<td align="right" class="post-signature">
<div class="user-info ">
<div class="user-action-time">
answered <span title="2009-12-05 00:10:06Z" class="relativetime">Dec 5 '09 at 0:10</span>
</div>
<div class="user-gravatar32">
<a href="/users/225190/yesthatguy"><div class="gravatar-wrapper-32"><img src="https://www.gravatar.com/avatar/c4085b15987bb7258abc73e6bc8ba730?s=32&amp;d=identicon&amp;r=PG" alt="" width="32" height="32"></div></a>
</div>
<div class="user-details">
<a href="/users/225190/yesthatguy">yesthatguy</a><br>
<span class="reputation-score" title="reputation score " dir="ltr">4,272</span><span title="1 gold badge"><span class="badge1"></span><span class="badgecount">1</span></span><span title="8 silver badges"><span class="badge2"></span><span class="badgecount">8</span></span><span title="3 bronze badges"><span class="badge3"></span><span class="badgecount">3</span></span>
</div>
</div>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td class="votecell"></td>
<td>
<div id="comments-1850482" class="comments ">
<table>
<tbody data-remaining-comments-count="9"
data-canpost="false"
data-cansee="true"
data-comments-unavailable="false"
data-addlink-disabled="true">
<tr id="comment-4473996" class="comment ">
<td class="comment-actions">
<table>
<tbody>
<tr>
<td class=" comment-score">
<span title="number of &#39;useful comment&#39; votes received"
class="hot">25</span>
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">This matches what the W3C suggests -- <a href="http://www.w3.org/TR/cors/#access-control-allow-origin-response-hea" rel="nofollow">w3.org/TR/cors/#access-control-allow-origin-response-hea</a></span>
&ndash;&nbsp;<a href="/users/296639/simon-b"
title="952 reputation"
class="comment-user">Simon B.</a>
<span class="comment-date" dir="ltr"><span title="2010-11-10 17:22:04Z" class="relativetime-clean">Nov 10 '10 at 17:22</span></span>
</div>
</td>
</tr>
<tr id="comment-6304250" class="comment ">
<td class="comment-actions">
<table>
<tbody>
<tr>
<td class=" comment-score">
<span title="number of &#39;useful comment&#39; votes received"
class="supernova">89</span>
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">My problem with this answer is it doesn&#39;t really help me, because we use a CDN, and obviously we can&#39;t control how the CDN sets headers programatically.</span>
&ndash;&nbsp;<a href="/users/122422/b-t"
title="9908 reputation"
class="comment-user">B T</a>
<span class="comment-date" dir="ltr"><span title="2011-04-05 00:00:25Z" class="relativetime-clean">Apr 5 '11 at 0:00</span></span>
</div>
</td>
</tr>
<tr id="comment-13417849" class="comment ">
<td class="comment-actions">
<table>
<tbody>
<tr>
<td class=" comment-score">
<span title="number of &#39;useful comment&#39; votes received"
class="cool">3</span>
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">As @BT notes this isn&#39;t a great solution because it doesn&#39;t work over a CDN. With that said, if you still want to do it there are two typical CDN configurations. In the first, you use your server as an origin server. In that case specifying a simple * (while not ideal) would work. The CDN would cache this header along with whatever else you send and serve it to the client. In the second, you use a remote (CDN managed) server as the origin. In this case you should configure the CDN to send back a custom HTTP header for this content. (Again, you&#39;d specify *)</span>
&ndash;&nbsp;<a href="/users/1265527/genexp"
title="177 reputation"
class="comment-user">genexp</a>
<span class="comment-date" dir="ltr"><span title="2012-05-01 18:39:11Z" class="relativetime-clean">May 1 '12 at 18:39</span></span>
</div>
</td>
</tr>
<tr id="comment-16685896" class="comment ">
<td class="comment-actions">
<table>
<tbody>
<tr>
<td class=" comment-score">
<span title="number of &#39;useful comment&#39; votes received"
class="warm">6</span>
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">Actual example (Nginx) in my answer below - <a href="http://stackoverflow.com/a/12414239/6084">stackoverflow.com/a/12414239/6084</a></span>
&ndash;&nbsp;<a href="/users/6084/mjallday"
title="4803 reputation"
class="comment-user">mjallday</a>
<span class="comment-date" dir="ltr"><span title="2012-09-13 20:26:07Z" class="relativetime-clean">Sep 13 '12 at 20:26</span></span>
</div>
</td>
</tr>
<tr id="comment-19833449" class="comment ">
<td class="comment-actions">
<table>
<tbody>
<tr>
<td class=" comment-score">
<span title="number of &#39;useful comment&#39; votes received"
class="hot">23</span>
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">If caches or CDNs are a concern, use the <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.44" rel="nofollow">Vary header</a> to tell the cache/CDN to keep separate responses for different Origin request header values. You would include a header like &quot;Vary: Origin&quot; in your response. The cache/CDN then knows that it should send one response to a request with header &quot;Origin: <a href="http://foo.example.com&quot" rel="nofollow">foo.example.com&quot</a>;, and a different response to a request with header &quot;Origin: <a href="http://bar.example.com&quot" rel="nofollow">bar.example.com&quot</a>;.</span>
&ndash;&nbsp;<a href="/users/302898/sean"
title="960 reputation"
class="comment-user">Sean</a>
<span class="comment-date" dir="ltr"><span title="2013-01-11 17:34:19Z" class="relativetime-clean">Jan 11 '13 at 17:34</span></span>
</div>
</td>
</tr>
</tbody>
</table>
</div>
<div id="comments-link-1850482" data-rep=50 data-anon=true>
<a class="js-add-link comments-link dno"
title="Use comments to ask for more information or suggest improvements. Avoid comments like “+1” or “thanks”."
></a><span class="js-link-separator dno">&nbsp;|&nbsp;</span>
<a class="js-show-link comments-link " title="expand to show all comments on this post" href=# onclick="">show <b>9</b> more comments</a>
</div>
</td>
</tr> </table>
</div>
<script>
var ados = ados || {}; ados.run = ados.run || [];
ados.run.push(function () { ados_add_placement(22,8277,"adzerk1547140043",4).setZone(44); });
</script>
<div class="everyonelovesstackoverflow" id="adzerk1547140043">
</div>
<a name="6044862"></a>
<div id="answer-6044862" class="answer" data-answerid="6044862" itemscope itemtype="http://schema.org/Answer">
<table>
<tr>
<td class="votecell">
<div class="vote">
<input type="hidden" name="_id_" value="6044862">
<a class="vote-up-off" title="This answer is useful">up vote</a>
<span itemprop="upvoteCount" class="vote-count-post ">76</span>
<a class="vote-down-off" title="This answer is not useful">down vote</a>
</div>
</td>
<td class="answercell">
<div class="post-text" itemprop="text">
<p>I had the same problem with woff-fonts, multiple subdomains had to have access. To allow subdomains I added something like this to my httpd.conf:</p>
<pre><code>SetEnvIf Origin "^(.*\.example\.com)$" ORIGIN_SUB_DOMAIN=$1
&lt;FilesMatch "\.woff$"&gt;
Header set Access-Control-Allow-Origin "%{ORIGIN_SUB_DOMAIN}e" env=ORIGIN_SUB_DOMAIN
&lt;/FilesMatch&gt;
</code></pre>
<p>For multiple domains you could just change the regex in <code>SetEnvIf</code>.</p>
</div>
<table class="fw">
<tr>
<td class="vt">
<div class="post-menu"><a href="/a/6044862" title="short permalink to this answer" class="short-link" id="link-post-6044862">share</a><span class="lsep">|</span><a href="/posts/6044862/edit" class="suggest-edit-post" title="">improve this answer</a></div> </td>
<td align="right" class="post-signature">
<div class="user-info user-hover">
<div class="user-action-time">
<a href="/posts/6044862/revisions" title="show all edits to this post">edited <span title="2013-07-09 07:59:26Z" class="relativetime">Jul 9 '13 at 7:59</span></a>
</div>
<div class="user-gravatar32">
<a href="/users/128421/the-tin-man"><div class="gravatar-wrapper-32"><img src="https://www.gravatar.com/avatar/71770d043c0f7e3c7bc5f74190015c26?s=32&amp;d=identicon&amp;r=PG" alt="" width="32" height="32"></div></a>
</div>
<div class="user-details">
<a href="/users/128421/the-tin-man">the Tin Man</a><br>
<span class="reputation-score" title="reputation score 93910" dir="ltr">93.9k</span><span title="18 gold badges"><span class="badge1"></span><span class="badgecount">18</span></span><span title="117 silver badges"><span class="badge2"></span><span class="badgecount">117</span></span><span title="180 bronze badges"><span class="badge3"></span><span class="badgecount">180</span></span>
</div>
</div> </td>
<td align="right" class="post-signature">
<div class="user-info ">
<div class="user-action-time">
answered <span title="2011-05-18 12:46:07Z" class="relativetime">May 18 '11 at 12:46</span>
</div>
<div class="user-gravatar32">
<a href="/users/542433/staugaard"><div class="gravatar-wrapper-32"><img src="https://www.gravatar.com/avatar/fa7c1574c750581928509b6429b2fe56?s=32&amp;d=identicon&amp;r=PG" alt="" width="32" height="32"></div></a>
</div>
<div class="user-details">
<a href="/users/542433/staugaard">Staugaard</a><br>
<span class="reputation-score" title="reputation score " dir="ltr">869</span><span title="6 silver badges"><span class="badge2"></span><span class="badgecount">6</span></span><span title="5 bronze badges"><span class="badge3"></span><span class="badgecount">5</span></span>
</div>
</div>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td class="votecell"></td>
<td>
<div id="comments-6044862" class="comments ">
<table>
<tbody data-remaining-comments-count="0"
data-canpost="false"
data-cansee="true"
data-comments-unavailable="false"
data-addlink-disabled="true">
<tr id="comment-13142716" class="comment ">
<td class="comment-actions">
<table>
<tbody>
<tr>
<td class=" comment-score">
<span title="number of &#39;useful comment&#39; votes received"
class="cool">2</span>
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">Did the trick. Just make sure you adapt the regular expression correctly. I needed to add a question mark to allow the domain itself, e.g. <code>(.*\.?example\.org)</code> for <code>example.com</code> and <code>sub.example.com</code>.</span>
&ndash;&nbsp;<a href="/users/128703/trkoch"
title="690 reputation"
class="comment-user">trkoch</a>
<span class="comment-date" dir="ltr"><span title="2012-04-19 13:55:22Z" class="relativetime-clean">Apr 19 '12 at 13:55</span></span>
</div>
</td>
</tr>
<tr id="comment-25569426" class="comment ">
<td>
<table>
<tbody>
<tr>
<td class=" comment-score">
&nbsp;&nbsp;
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">Any thoughts on how to adapt this for IIS 7?</span>
&ndash;&nbsp;<a href="/users/271985/dadwithkids"
title="123 reputation"
class="comment-user">dadwithkids</a>
<span class="comment-date" dir="ltr"><span title="2013-07-10 14:53:29Z" class="relativetime-clean">Jul 10 '13 at 14:53</span></span>
</div>
</td>
</tr>
<tr id="comment-26355640" class="comment ">
<td>
<table>
<tbody>
<tr>
<td class=" comment-score">
&nbsp;&nbsp;
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">Isn&#39;t that defeating the purpose though ? What would prevent a malicious user from forging the Origin header value ?</span>
&ndash;&nbsp;<a href="/users/302789/gr%c3%a9gory-joseph"
title="504 reputation"
class="comment-user">Gr&#233;gory Joseph</a>
<span class="comment-date" dir="ltr"><span title="2013-08-02 15:22:04Z" class="relativetime-clean">Aug 2 '13 at 15:22</span></span>
</div>
</td>
</tr>
<tr id="comment-26774066" class="comment ">
<td>
<table>
<tbody>
<tr>
<td class=" comment-score">
&nbsp;&nbsp;
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">@Gr&#233;goryJoseph Access-Control-Allow-Origin isn&#39;t about hiding resources from someone that can request it. It&#39;s about preventing a malicious site from having end users calling your site. In the case of font files, this can only effectively limit hot linking of fonts, why they (mozilla/firefox) didn&#39;t do the same for other resources (js, css, etc) is beyond me.</span>
&ndash;&nbsp;<a href="/users/43906/tracker1"
title="9593 reputation"
class="comment-user">Tracker1</a>
<span class="comment-date" dir="ltr"><span title="2013-08-15 16:28:40Z" class="relativetime-clean">Aug 15 '13 at 16:28</span></span>
</div>
</td>
</tr>
</tbody>
</table>
</div>
<div id="comments-link-6044862" data-rep=50 data-anon=true>
<a class="js-add-link comments-link disabled-link "
title="Use comments to ask for more information or suggest improvements. Avoid comments like “+1” or “thanks”."
>add a comment</a><span class="js-link-separator dno">&nbsp;|&nbsp;</span>
<a class="js-show-link comments-link dno" title="expand to show all comments on this post" href=# onclick=""></a>
</div>
</td>
</tr> </table>
</div>
<a name="7454204"></a>
<div id="answer-7454204" class="answer" data-answerid="7454204" itemscope itemtype="http://schema.org/Answer">
<table>
<tr>
<td class="votecell">
<div class="vote">
<input type="hidden" name="_id_" value="7454204">
<a class="vote-up-off" title="This answer is useful">up vote</a>
<span itemprop="upvoteCount" class="vote-count-post ">69</span>
<a class="vote-down-off" title="This answer is not useful">down vote</a>
</div>
</td>
<td class="answercell">
<div class="post-text" itemprop="text">
<p>Another solution I'm using in PHP:</p>
<pre><code>$http_origin = $_SERVER['HTTP_ORIGIN'];
if ($http_origin == "http://www.domain1.com" || $http_origin == "http://www.domain2.com" || $http_origin == "http://www.domain3.info")
{
header("Access-Control-Allow-Origin: $http_origin");
}
</code></pre>
</div>
<table class="fw">
<tr>
<td class="vt">
<div class="post-menu"><a href="/a/7454204" title="short permalink to this answer" class="short-link" id="link-post-7454204">share</a><span class="lsep">|</span><a href="/posts/7454204/edit" class="suggest-edit-post" title="">improve this answer</a></div> </td>
<td align="right" class="post-signature">
<div class="user-info ">
<div class="user-action-time">
<a href="/posts/7454204/revisions" title="show all edits to this post">edited <span title="2013-09-26 11:38:47Z" class="relativetime">Sep 26 '13 at 11:38</span></a>
</div>
<div class="user-gravatar32">
</div>
<div class="user-details">
<br>
</div>
</div> </td>
<td align="right" class="post-signature">
<div class="user-info ">
<div class="user-action-time">
answered <span title="2011-09-17 10:49:21Z" class="relativetime">Sep 17 '11 at 10:49</span>
</div>
<div class="user-gravatar32">
<a href="/users/613598/nikolay-ivanov"><div class="gravatar-wrapper-32"><img src="https://www.gravatar.com/avatar/c888f7e2942382050674abedc46343f5?s=32&amp;d=identicon&amp;r=PG" alt="" width="32" height="32"></div></a>
</div>
<div class="user-details">
<a href="/users/613598/nikolay-ivanov">Nikolay Ivanov</a><br>
<span class="reputation-score" title="reputation score " dir="ltr">1,419</span><span title="12 silver badges"><span class="badge2"></span><span class="badgecount">12</span></span><span title="16 bronze badges"><span class="badge3"></span><span class="badgecount">16</span></span>
</div>
</div>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td class="votecell"></td>
<td>
<div id="comments-7454204" class="comments ">
<table>
<tbody data-remaining-comments-count="1"
data-canpost="false"
data-cansee="true"
data-comments-unavailable="false"
data-addlink-disabled="true">
<tr id="comment-14338713" class="comment ">
<td class="comment-actions">
<table>
<tbody>
<tr>
<td class=" comment-score">
<span title="number of &#39;useful comment&#39; votes received"
class="warm">10</span>
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">Why not use the approach suggested in <a href="http://stackoverflow.com/a/1850482/11635">stackoverflow.com/a/1850482/11635</a> [and dont sent a wildcard, just the requested origin] ? This is just more permissive without achieving anything more?</span>
&ndash;&nbsp;<a href="/users/11635/ruben-bartelink"
title="28191 reputation"
class="comment-user">Ruben Bartelink</a>
<span class="comment-date" dir="ltr"><span title="2012-06-11 10:54:19Z" class="relativetime-clean">Jun 11 '12 at 10:54</span></span>
</div>
</td>
</tr>
<tr id="comment-19386908" class="comment ">
<td class="comment-actions">
<table>
<tbody>
<tr>
<td class=" comment-score">
<span title="number of &#39;useful comment&#39; votes received"
class="warm">8</span>
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">having <code>header(&#39;Access-Control-Allow-Origin: *&#39;)</code> sometimes says cannot use wild card if credentials flag is true - happens when <code>header(&#39;Access-Control-Allow-Credentials: true&#39;)</code>probably. So, better to Allow-Origin the <code>$http_origin</code> itself if the conditions are met</span>
&ndash;&nbsp;<a href="/users/636762/syedrakib"
title="1780 reputation"
class="comment-user">syedrakib</a>
<span class="comment-date" dir="ltr"><span title="2012-12-25 21:40:11Z" class="relativetime-clean">Dec 25 '12 at 21:40</span></span>
</div>
</td>
</tr>
<tr id="comment-33625514" class="comment ">
<td>
<table>
<tbody>
<tr>
<td class=" comment-score">
&nbsp;&nbsp;
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">Nice trick. helped me. Thank you.</span>
&ndash;&nbsp;<a href="/users/1935534/jalaljaberi"
title="432 reputation"
class="comment-user">JalalJaberi</a>
<span class="comment-date" dir="ltr"><span title="2014-03-03 21:09:29Z" class="relativetime-clean">Mar 3 '14 at 21:09</span></span>
</div>
</td>
</tr>
<tr id="comment-46326326" class="comment ">
<td class="comment-actions">
<table>
<tbody>
<tr>
<td class=" comment-score">
<span title="number of &#39;useful comment&#39; votes received"
class="cool">1</span>
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">replace the last line with <code>header(&quot;Access-Control-Allow-Origin: &quot; . $http_origin);</code> to make it work</span>
&ndash;&nbsp;<a href="/users/2112538/francoisromain"
title="1600 reputation"
class="comment-user">francoisromain</a>
<span class="comment-date" dir="ltr"><span title="2015-03-13 22:47:12Z" class="relativetime-clean">Mar 13 at 22:47</span></span>
</div>
</td>
</tr>
<tr id="comment-46338273" class="comment ">
<td>
<table>
<tbody>
<tr>
<td class=" comment-score">
&nbsp;&nbsp;
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">@desgnl, both ways it works. PHP variables inside double quotes are evaluated: <a href="http://php.net/manual/de/language.types.string.php#language.types.string.parsing" rel="nofollow">php.net/manual/de/&hellip;</a></span>
&ndash;&nbsp;<a href="/users/613598/nikolay-ivanov"
title="1419 reputation"
class="comment-user">Nikolay Ivanov</a>
<span class="comment-date" dir="ltr"><span title="2015-03-14 14:35:55Z" class="relativetime-clean">Mar 14 at 14:35</span></span>
</div>
</td>
</tr>
</tbody>
</table>
</div>
<div id="comments-link-7454204" data-rep=50 data-anon=true>
<a class="js-add-link comments-link dno"
title="Use comments to ask for more information or suggest improvements. Avoid comments like “+1” or “thanks”."
></a><span class="js-link-separator dno">&nbsp;|&nbsp;</span>
<a class="js-show-link comments-link " title="expand to show all comments on this post" href=# onclick="">show <b>1</b> more comment</a>
</div>
</td>
</tr> </table>
</div>
<a name="11077890"></a>
<div id="answer-11077890" class="answer" data-answerid="11077890" itemscope itemtype="http://schema.org/Answer">
<table>
<tr>
<td class="votecell">
<div class="vote">
<input type="hidden" name="_id_" value="11077890">
<a class="vote-up-off" title="This answer is useful">up vote</a>
<span itemprop="upvoteCount" class="vote-count-post ">57</span>
<a class="vote-down-off" title="This answer is not useful">down vote</a>
</div>
</td>
<td class="answercell">
<div class="post-text" itemprop="text">
<p>This worked for me:</p>
<pre><code>SetEnvIf Origin "^http(s)?://(.+\.)?(domain\.org|domain2\.com)$" origin_is=$0
Header always set Access-Control-Allow-Origin %{origin_is}e env=origin_is
</code></pre>
<p>put in .htaccess</p>
<p>it will work for sure.</p>
<p>Cheers!!</p>
</div>
<table class="fw">
<tr>
<td class="vt">
<div class="post-menu"><a href="/a/11077890" title="short permalink to this answer" class="short-link" id="link-post-11077890">share</a><span class="lsep">|</span><a href="/posts/11077890/edit" class="suggest-edit-post" title="">improve this answer</a></div> </td>
<td align="right" class="post-signature">
<div class="user-info ">
<div class="user-action-time">
answered <span title="2012-06-18 06:31:30Z" class="relativetime">Jun 18 '12 at 6:31</span>
</div>
<div class="user-gravatar32">
<a href="/users/1377144/jay-dave"><div class="gravatar-wrapper-32"><img src="https://i.stack.imgur.com/UMvMD.jpg?s=32&amp;g=1" alt="" width="32" height="32"></div></a>
</div>
<div class="user-details">
<a href="/users/1377144/jay-dave">Jay Dave</a><br>
<span class="reputation-score" title="reputation score " dir="ltr">897</span><span title="8 silver badges"><span class="badge2"></span><span class="badgecount">8</span></span><span title="7 bronze badges"><span class="badge3"></span><span class="badgecount">7</span></span>
</div>
</div>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td class="votecell"></td>
<td>
<div id="comments-11077890" class="comments ">
<table>
<tbody data-remaining-comments-count="1"
data-canpost="false"
data-cansee="true"
data-comments-unavailable="false"
data-addlink-disabled="true">
<tr id="comment-19016529" class="comment ">
<td>
<table>
<tbody>
<tr>
<td class=" comment-score">
&nbsp;&nbsp;
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">This is a great solution, thanks.</span>
&ndash;&nbsp;<a href="/users/545726/aiham"
title="1596 reputation"
class="comment-user">aiham</a>
<span class="comment-date" dir="ltr"><span title="2012-12-11 12:28:22Z" class="relativetime-clean">Dec 11 '12 at 12:28</span></span>
</div>
</td>
</tr>
<tr id="comment-28779045" class="comment ">
<td class="comment-actions">
<table>
<tbody>
<tr>
<td class=" comment-score">
<span title="number of &#39;useful comment&#39; votes received"
class="cool">3</span>
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">Great answer, should be the accepted answer since it provides the solution as well!</span>
&ndash;&nbsp;<a href="/users/798634/matt-k"
title="3860 reputation"
class="comment-user">Matt K</a>
<span class="comment-date" dir="ltr"><span title="2013-10-16 21:09:57Z" class="relativetime-clean">Oct 16 '13 at 21:09</span></span>
<span class="edited-yes" title="this comment was edited 1 time"></span>
</div>
</td>
</tr>
<tr id="comment-29379685" class="comment ">
<td class="comment-actions">
<table>
<tbody>
<tr>
<td class=" comment-score">
<span title="number of &#39;useful comment&#39; votes received"
class="warm">11</span>
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">best solution for me, but i added port support (e.g. <a href="http://localhost:3000" rel="nofollow">localhost:3000</a> for development): SetEnvIf Origin &quot;^http(s)?://(.+\.)?(localhost|stackoverflow.com|example1.com)(:[0-9]+)?$&quot; origin_is=$0</span>
&ndash;&nbsp;<a href="/users/2334230/tecjam"
title="218 reputation"
class="comment-user">tecjam</a>
<span class="comment-date" dir="ltr"><span title="2013-11-04 13:10:33Z" class="relativetime-clean">Nov 4 '13 at 13:10</span></span>
</div>
</td>
</tr>
<tr id="comment-38210092" class="comment ">
<td class="comment-actions">
<table>
<tbody>
<tr>
<td class=" comment-score">
<span title="number of &#39;useful comment&#39; votes received"
class="cool">1</span>
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">It&#39;s working great!</span>
&ndash;&nbsp;<a href="/users/1366109/orz"
title="208 reputation"
class="comment-user">Orz</a>
<span class="comment-date" dir="ltr"><span title="2014-07-09 09:36:00Z" class="relativetime-clean">Jul 9 '14 at 9:36</span></span>
</div>
</td>
</tr>
<tr id="comment-45941442" class="comment ">
<td>
<table>
<tbody>
<tr>
<td class=" comment-score">
&nbsp;&nbsp;
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">Of the several answers all around stackoverflow, this was the one that worked.</span>
&ndash;&nbsp;<a href="/users/1130803/meetai-com"
title="1383 reputation"
class="comment-user">Meetai.com</a>
<span class="comment-date" dir="ltr"><span title="2015-03-03 15:45:11Z" class="relativetime-clean">Mar 3 at 15:45</span></span>
</div>
</td>
</tr>
</tbody>
</table>
</div>
<div id="comments-link-11077890" data-rep=50 data-anon=true>
<a class="js-add-link comments-link dno"
title="Use comments to ask for more information or suggest improvements. Avoid comments like “+1” or “thanks”."
></a><span class="js-link-separator dno">&nbsp;|&nbsp;</span>
<a class="js-show-link comments-link " title="expand to show all comments on this post" href=# onclick="">show <b>1</b> more comment</a>
</div>
</td>
</tr> </table>
</div>
<a name="4110601"></a>
<div id="answer-4110601" class="answer" data-answerid="4110601" itemscope itemtype="http://schema.org/Answer">
<table>
<tr>
<td class="votecell">
<div class="vote">
<input type="hidden" name="_id_" value="4110601">
<a class="vote-up-off" title="This answer is useful">up vote</a>
<span itemprop="upvoteCount" class="vote-count-post ">40</span>
<a class="vote-down-off" title="This answer is not useful">down vote</a>
</div>
</td>
<td class="answercell">
<div class="post-text" itemprop="text">
<p>The answer seems to be to use the header more than once. That is, rather than sending</p>
<pre><code>Access-Control-Allow-Origin: http://domain1.com, http://domain2.com, http://domain3.com
</code></pre>
<p>send</p>
<pre><code>Access-Control-Allow-Origin: http://domain1.com
Access-Control-Allow-Origin: http://domain2.com
Access-Control-Allow-Origin: http://domain3.com
</code></pre>
<p>On Apache, you can do this in an <code>httpd.conf</code> <code>&lt;VirtualHost&gt;</code> section or <code>.htaccess</code> file using <code>mod_headers</code> and this syntax:</p>
<pre><code>Header add Access-Control-Allow-Origin "http://domain1.com"
Header add Access-Control-Allow-Origin "http://domain2.com"
Header add Access-Control-Allow-Origin "http://domain3.com"
</code></pre>
<p>The trick is to use <code>add</code> rather than <code>append</code> as the first argument.</p>
</div>
<table class="fw">
<tr>
<td class="vt">
<div class="post-menu"><a href="/a/4110601" title="short permalink to this answer" class="short-link" id="link-post-4110601">share</a><span class="lsep">|</span><a href="/posts/4110601/edit" class="suggest-edit-post" title="">improve this answer</a></div> </td>
<td align="right" class="post-signature">
<div class="user-info ">
<div class="user-action-time">
answered <span title="2010-11-05 22:22:20Z" class="relativetime">Nov 5 '10 at 22:22</span>
</div>
<div class="user-gravatar32">
<a href="/users/498857/ben-c-forsberg"><div class="gravatar-wrapper-32"><img src="https://www.gravatar.com/avatar/d3140a7fb9c8e1db421a5c0657923b67?s=32&amp;d=identicon&amp;r=PG" alt="" width="32" height="32"></div></a>
</div>
<div class="user-details">
<a href="/users/498857/ben-c-forsberg">Ben C. Forsberg</a><br>
<span class="reputation-score" title="reputation score " dir="ltr">825</span><span title="6 silver badges"><span class="badge2"></span><span class="badgecount">6</span></span><span title="2 bronze badges"><span class="badge3"></span><span class="badgecount">2</span></span>
</div>
</div>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td class="votecell"></td>
<td>
<div id="comments-4110601" class="comments ">
<table>
<tbody data-remaining-comments-count="6"
data-canpost="false"
data-cansee="true"
data-comments-unavailable="false"
data-addlink-disabled="true">
<tr id="comment-23267891" class="comment ">
<td class="comment-actions">
<table>
<tbody>
<tr>
<td class=" comment-score">
<span title="number of &#39;useful comment&#39; votes received"
class="cool">2</span>
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">there&#39;s a variation on this which seems to work: <a href="http://stackoverflow.com/questions/9466496/how-to-configure-apache-to-handle-multiple-domains-with-access-control-allow-ori" title="how to configure apache to handle multiple domains with access control allow ori">stackoverflow.com/questions/9466496/&hellip;</a></span>
&ndash;&nbsp;<a href="/users/262455/jack-james"
title="1325 reputation"
class="comment-user">Jack James</a>
<span class="comment-date" dir="ltr"><span title="2013-04-28 07:58:32Z" class="relativetime-clean">Apr 28 '13 at 7:58</span></span>
</div>
</td>
</tr>
<tr id="comment-24118646" class="comment ">
<td class="comment-actions">
<table>
<tbody>
<tr>
<td class=" comment-score">
<span title="number of &#39;useful comment&#39; votes received"
class="supernova">62</span>
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">Just spent two hours trying to fix an issue related to CORS and it turns out that it was because of multiple Access-Control-Allow-Origin headers. I removed the multiple Access-Control-Allow-Origin headers and it started working. So this is not the right answer despite the number of votes. Use this method instead to support multiple domains: <a href="http://stackoverflow.com/a/1850482/123545">stackoverflow.com/a/1850482/123545</a></span>
&ndash;&nbsp;<a href="/users/123545/erjab"
title="2185 reputation"
class="comment-user">ErJab</a>
<span class="comment-date" dir="ltr"><span title="2013-05-25 00:26:07Z" class="relativetime-clean">May 25 '13 at 0:26</span></span>
</div>
</td>
</tr>
<tr id="comment-38075521" class="comment ">
<td class="comment-actions">
<table>
<tbody>
<tr>
<td class=" comment-score">
<span title="number of &#39;useful comment&#39; votes received"
class="warm">8</span>
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">This is not a correct answer.</span>
&ndash;&nbsp;<a href="/users/1166285/d-b"
title="5717 reputation"
class="comment-user">d-_-b</a>
<span class="comment-date" dir="ltr"><span title="2014-07-04 18:35:10Z" class="relativetime-clean">Jul 4 '14 at 18:35</span></span>
</div>
</td>
</tr>
<tr id="comment-40223212" class="comment ">
<td class="comment-actions">
<table>
<tbody>
<tr>
<td class=" comment-score">
<span title="number of &#39;useful comment&#39; votes received"
class="warm">5</span>
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">The <a href="http://www.w3.org/TR/cors/" rel="nofollow">specs</a> clearly say that multiple values will cause the CORS algorithm to fails. So this isn&#39;t correct.</span>
&ndash;&nbsp;<a href="/users/1233630/lior"
title="996 reputation"
class="comment-user">Lior</a>
<span class="comment-date" dir="ltr"><span title="2014-09-08 15:56:36Z" class="relativetime-clean">Sep 8 '14 at 15:56</span></span>
</div>
</td>
</tr>
<tr id="comment-41201490" class="comment ">
<td class="comment-actions">
<table>
<tbody>
<tr>
<td class=" comment-score">
<span title="number of &#39;useful comment&#39; votes received"
class="cool">4</span>
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">Also confirming this is incorrect. Using this to serve CSS to four domains, I receive an error in Chrome&#39;s log <i>&quot;[...] header contains multiple values &#39;<a href="http://aaa.com" rel="nofollow">aaa.com</a>, <a href="http://bbb.com&#39" rel="nofollow">bbb.com&#39</a>;, but only one is allowed&quot;</i>. It does not matter if you define it as one header, or multiple, or using <code>add</code> vs. <code>set</code>. It just doesn&#39;t work.</span>
&ndash;&nbsp;<a href="/users/470480/radgh"
title="1432 reputation"
class="comment-user">RadGH</a>
<span class="comment-date" dir="ltr"><span title="2014-10-08 17:56:24Z" class="relativetime-clean">Oct 8 '14 at 17:56</span></span>
<span class="edited-yes" title="this comment was edited 2 times"></span>
</div>
</td>
</tr>
</tbody>
</table>
</div>
<div id="comments-link-4110601" data-rep=50 data-anon=true>
<a class="js-add-link comments-link dno"
title="Use comments to ask for more information or suggest improvements. Avoid comments like “+1” or “thanks”."
></a><span class="js-link-separator dno">&nbsp;|&nbsp;</span>
<a class="js-show-link comments-link " title="expand to show all comments on this post" href=# onclick="">show <b>6</b> more comments</a>
</div>
</td>
</tr> </table>
</div>
<a name="12414239"></a>
<div id="answer-12414239" class="answer" data-answerid="12414239" itemscope itemtype="http://schema.org/Answer">
<table>
<tr>
<td class="votecell">
<div class="vote">
<input type="hidden" name="_id_" value="12414239">
<a class="vote-up-off" title="This answer is useful">up vote</a>
<span itemprop="upvoteCount" class="vote-count-post ">26</span>
<a class="vote-down-off" title="This answer is not useful">down vote</a>
</div>
</td>
<td class="answercell">
<div class="post-text" itemprop="text">
<p>Here's how to echo the Origin header back if it matches your domain with Nginx, this is useful if you want to serve a font multiple sub-domains:</p>
<pre><code>location /fonts {
# this will echo back the origin header
if ($http_origin ~ "example.org$") {
add_header "Access-Control-Allow-Origin" $http_origin;
}
}
</code></pre>
</div>
<table class="fw">
<tr>
<td class="vt">
<div class="post-menu"><a href="/a/12414239" title="short permalink to this answer" class="short-link" id="link-post-12414239">share</a><span class="lsep">|</span><a href="/posts/12414239/edit" class="suggest-edit-post" title="">improve this answer</a></div> </td>
<td align="right" class="post-signature">
<div class="user-info user-hover">
<div class="user-action-time">
answered <span title="2012-09-13 20:25:22Z" class="relativetime">Sep 13 '12 at 20:25</span>
</div>
<div class="user-gravatar32">
<a href="/users/6084/mjallday"><div class="gravatar-wrapper-32"><img src="https://www.gravatar.com/avatar/cfea58b30e0b6fa07091b6405d32df23?s=32&amp;d=identicon&amp;r=PG" alt="" width="32" height="32"></div></a>
</div>
<div class="user-details">
<a href="/users/6084/mjallday">mjallday</a><br>
<span class="reputation-score" title="reputation score " dir="ltr">4,803</span><span title="1 gold badge"><span class="badge1"></span><span class="badgecount">1</span></span><span title="30 silver badges"><span class="badge2"></span><span class="badgecount">30</span></span><span title="52 bronze badges"><span class="badge3"></span><span class="badgecount">52</span></span>
</div>
</div>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td class="votecell"></td>
<td>
<div id="comments-12414239" class="comments ">
<table>
<tbody data-remaining-comments-count="0"
data-canpost="false"
data-cansee="true"
data-comments-unavailable="false"
data-addlink-disabled="true">
<tr id="comment-44918484" class="comment ">
<td>
<table>
<tbody>
<tr>
<td class=" comment-score">
&nbsp;&nbsp;
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">Can&#39;t understand how is this different from: add_header Access-Control-Allow-Origin *; Care to explain?</span>
&ndash;&nbsp;<a href="/users/1128223/anoyz"
title="2619 reputation"
class="comment-user">Anoyz</a>
<span class="comment-date" dir="ltr"><span title="2015-02-02 16:24:26Z" class="relativetime-clean">Feb 2 at 16:24</span></span>
<span class="edited-yes" title="this comment was edited 2 times"></span>
</div>
</td>
</tr>
<tr id="comment-45056169" class="comment ">
<td>
<table>
<tbody>
<tr>
<td class=" comment-score">
&nbsp;&nbsp;
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">this is going to return a header that authorizes the browser to only send requests from the domain specified. if i guessed i&#39;d say the browser could authorize content from another domain loaded on that page to access the server otherwise.</span>
&ndash;&nbsp;<a href="/users/6084/mjallday"
title="4803 reputation"
class="comment-user">mjallday</a>
<span class="comment-date" dir="ltr"><span title="2015-02-06 00:06:21Z" class="relativetime-clean">Feb 6 at 0:06</span></span>
</div>
</td>
</tr>
<tr id="comment-49655725" class="comment ">
<td class="comment-actions">
<table>
<tbody>
<tr>
<td class=" comment-score">
<span title="number of &#39;useful comment&#39; votes received"
class="cool">1</span>
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">@Anoyz for one thing there may be enhanced security where &quot;Allow *&quot; is not permitted, but a specified and matching host name for the allow header works. An example here, if you want to send authorization information cross domain, you can not use &quot;Allow *&quot;</span>
&ndash;&nbsp;<a href="/users/1361680/tcc"
title="851 reputation"
class="comment-user">TCC</a>
<span class="comment-date" dir="ltr"><span title="2015-06-12 13:00:40Z" class="relativetime-clean">Jun 12 at 13:00</span></span>
</div>
</td>
</tr>
<tr id="comment-53940882" class="comment ">
<td>
<table>
<tbody>
<tr>
<td class=" comment-score">
&nbsp;&nbsp;
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">TCC, that is the exact reason -- I didn&#39;t want to limit the clients, but I did want to use authorization. The only way to do that according to the specs is to return the Origin. I&#39;m actually surprised that they even have * -- either return the origin or don&#39;t.</span>
&ndash;&nbsp;<a href="/users/1331672/gerard-oneill"
title="837 reputation"
class="comment-user">Gerard ONeill</a>
<span class="comment-date" dir="ltr"><span title="2015-10-11 01:16:12Z" class="relativetime-clean">Oct 11 at 1:16</span></span>
</div>
</td>
</tr>
</tbody>
</table>
</div>
<div id="comments-link-12414239" data-rep=50 data-anon=true>
<a class="js-add-link comments-link disabled-link "
title="Use comments to ask for more information or suggest improvements. Avoid comments like “+1” or “thanks”."
>add a comment</a><span class="js-link-separator dno">&nbsp;|&nbsp;</span>
<a class="js-show-link comments-link dno" title="expand to show all comments on this post" href=# onclick=""></a>
</div>
</td>
</tr> </table>
</div>
<a name="2303353"></a>
<div id="answer-2303353" class="answer" data-answerid="2303353" itemscope itemtype="http://schema.org/Answer">
<table>
<tr>
<td class="votecell">
<div class="vote">
<input type="hidden" name="_id_" value="2303353">
<a class="vote-up-off" title="This answer is useful">up vote</a>
<span itemprop="upvoteCount" class="vote-count-post ">13</span>
<a class="vote-down-off" title="This answer is not useful">down vote</a>
</div>
</td>
<td class="answercell">
<div class="post-text" itemprop="text">
<p>There is one disadvantage you should be aware of: As soon as you out-source files to a CDN (or any other server which doesn't allow scripting) or if your files are cached on a proxy, altering response based on 'Origin' request header will not work.</p>
</div>
<table class="fw">
<tr>
<td class="vt">
<div class="post-menu"><a href="/a/2303353" title="short permalink to this answer" class="short-link" id="link-post-2303353">share</a><span class="lsep">|</span><a href="/posts/2303353/edit" class="suggest-edit-post" title="">improve this answer</a></div> </td>
<td align="right" class="post-signature">
<div class="user-info ">
<div class="user-action-time">
answered <span title="2010-02-20 19:18:51Z" class="relativetime">Feb 20 '10 at 19:18</span>
</div>
<div class="user-gravatar32">
<a href="/users/277784/mark"><div class="gravatar-wrapper-32"><img src="https://www.gravatar.com/avatar/69b368f1ce68bead1174517a3ed99c17?s=32&amp;d=identicon&amp;r=PG" alt="" width="32" height="32"></div></a>
</div>
<div class="user-details">
<a href="/users/277784/mark">Mark</a><br>
<span class="reputation-score" title="reputation score " dir="ltr">139</span><span title="1 silver badge"><span class="badge2"></span><span class="badgecount">1</span></span><span title="2 bronze badges"><span class="badge3"></span><span class="badgecount">2</span></span>
</div>
</div>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td class="votecell"></td>
<td>
<div id="comments-2303353" class="comments ">
<table>
<tbody data-remaining-comments-count="0"
data-canpost="false"
data-cansee="true"
data-comments-unavailable="false"
data-addlink-disabled="true">
<tr id="comment-6304191" class="comment ">
<td class="comment-actions">
<table>
<tbody>
<tr>
<td class=" comment-score">
<span title="number of &#39;useful comment&#39; votes received"
class="cool">4</span>
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">Could you elaborate on this, or point us somewhere we can look for more info? I&#39;m looking to do just that with Limelight, and I&#39;m hoping you&#39;re wrong. One of our tech ops guys said that as long as our CDN seed server sends the header, the CDN itself will send it. Have yet to test it out</span>
&ndash;&nbsp;<a href="/users/122422/b-t"
title="9908 reputation"
class="comment-user">B T</a>
<span class="comment-date" dir="ltr"><span title="2011-04-04 23:52:28Z" class="relativetime-clean">Apr 4 '11 at 23:52</span></span>
</div>
</td>
</tr>
<tr id="comment-19835066" class="comment ">
<td class="comment-actions">
<table>
<tbody>
<tr>
<td class=" comment-score">
<span title="number of &#39;useful comment&#39; votes received"
class="warm">6</span>
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">If caches or CDNs are a concern, use the Vary header to tell the cache/CDN to keep separate responses for different Origin request header values. You would include a header like &quot;Vary: Origin&quot; in your response. The cache/CDN then knows that it should send one response to a request with header &quot;Origin: <a href="http://foo.example.com&quot" rel="nofollow">foo.example.com&quot</a>;, and a different response to a request with header &quot;Origin: <a href="http://bar.example.com&quot" rel="nofollow">bar.example.com&quot</a>;.</span>
&ndash;&nbsp;<a href="/users/302898/sean"
title="960 reputation"
class="comment-user">Sean</a>
<span class="comment-date" dir="ltr"><span title="2013-01-11 18:32:31Z" class="relativetime-clean">Jan 11 '13 at 18:32</span></span>
<span class="edited-yes" title="this comment was edited 1 time"></span>
</div>
</td>
</tr>
</tbody>
</table>
</div>
<div id="comments-link-2303353" data-rep=50 data-anon=true>
<a class="js-add-link comments-link disabled-link "
title="Use comments to ask for more information or suggest improvements. Avoid comments like “+1” or “thanks”."
>add a comment</a><span class="js-link-separator dno">&nbsp;|&nbsp;</span>
<a class="js-show-link comments-link dno" title="expand to show all comments on this post" href=# onclick=""></a>
</div>
</td>
</tr> </table>
</div>
<a name="14034228"></a>
<div id="answer-14034228" class="answer" data-answerid="14034228" itemscope itemtype="http://schema.org/Answer">
<table>
<tr>
<td class="votecell">
<div class="vote">
<input type="hidden" name="_id_" value="14034228">
<a class="vote-up-off" title="This answer is useful">up vote</a>
<span itemprop="upvoteCount" class="vote-count-post ">13</span>
<a class="vote-down-off" title="This answer is not useful">down vote</a>
</div>
</td>
<td class="answercell">
<div class="post-text" itemprop="text">
<p>Here is what i did for a PHP application which is being requested by AJAX</p>
<pre><code>$request_headers = apache_request_headers();
$http_origin = $request_headers['Origin'];
$allowed_http_origins = array(
"http://myDumbDomain.com" ,
"http://anotherDumbDomain.com" ,
"http://localhost" ,
);
if (in_array($http_origin, $allowed_http_origins)){
@header("Access-Control-Allow-Origin: " . $http_origin);
}
</code></pre>
<p>If the requesting origin is allowed by my server, return the <code>$http_origin</code> itself as value of the <code>Access-Control-Allow-Origin</code> header instead of returning a <code>*</code> wildcard, </p>
</div>
<table class="fw">
<tr>
<td class="vt">
<div class="post-menu"><a href="/a/14034228" title="short permalink to this answer" class="short-link" id="link-post-14034228">share</a><span class="lsep">|</span><a href="/posts/14034228/edit" class="suggest-edit-post" title="">improve this answer</a></div> </td>
<td align="right" class="post-signature">
<div class="user-info ">
<div class="user-action-time">
answered <span title="2012-12-25 21:48:57Z" class="relativetime">Dec 25 '12 at 21:48</span>
</div>
<div class="user-gravatar32">
<a href="/users/636762/syedrakib"><div class="gravatar-wrapper-32"><img src="https://www.gravatar.com/avatar/52351c68bff7878307faa6ad4056cb27?s=32&amp;d=identicon&amp;r=PG" alt="" width="32" height="32"></div></a>
</div>
<div class="user-details">
<a href="/users/636762/syedrakib">syedrakib</a><br>
<span class="reputation-score" title="reputation score " dir="ltr">1,780</span><span title="2 gold badges"><span class="badge1"></span><span class="badgecount">2</span></span><span title="17 silver badges"><span class="badge2"></span><span class="badgecount">17</span></span><span title="46 bronze badges"><span class="badge3"></span><span class="badgecount">46</span></span>
</div>
</div>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td class="votecell"></td>
<td>
<div id="comments-14034228" class="comments dno">
<table>
<tbody data-remaining-comments-count="0"
data-canpost="false"
data-cansee="true"
data-comments-unavailable="false"
data-addlink-disabled="true">
<tr><td></td><td></td></tr>
</tbody>
</table>
</div>
<div id="comments-link-14034228" data-rep=50 data-anon=true>
<a class="js-add-link comments-link disabled-link "
title="Use comments to ask for more information or suggest improvements. Avoid comments like “+1” or “thanks”."
>add a comment</a><span class="js-link-separator dno">&nbsp;|&nbsp;</span>
<a class="js-show-link comments-link dno" title="expand to show all comments on this post" href=# onclick=""></a>
</div>
</td>
</tr> </table>
</div>
<a name="22331292"></a>
<div id="answer-22331292" class="answer" data-answerid="22331292" itemscope itemtype="http://schema.org/Answer">
<table>
<tr>
<td class="votecell">
<div class="vote">
<input type="hidden" name="_id_" value="22331292">
<a class="vote-up-off" title="This answer is useful">up vote</a>
<span itemprop="upvoteCount" class="vote-count-post ">11</span>
<a class="vote-down-off" title="This answer is not useful">down vote</a>
</div>
</td>
<td class="answercell">
<div class="post-text" itemprop="text">
<p>For multiple domains, in your .htaccess:</p>
<pre><code>&lt;IfModule mod_headers.c&gt;
SetEnvIf Origin "http(s)?://(www\.)?(domain1.org|domain2.com)$" AccessControlAllowOrigin=$0$1
Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Header set Access-Control-Allow-Credentials true
&lt;/IfModule&gt;
</code></pre>
</div>
<table class="fw">
<tr>
<td class="vt">
<div class="post-menu"><a href="/a/22331292" title="short permalink to this answer" class="short-link" id="link-post-22331292">share</a><span class="lsep">|</span><a href="/posts/22331292/edit" class="suggest-edit-post" title="">improve this answer</a></div> </td>
<td align="right" class="post-signature">
<div class="user-info user-hover">
<div class="user-action-time">
answered <span title="2014-03-11 16:51:01Z" class="relativetime">Mar 11 '14 at 16:51</span>
</div>
<div class="user-gravatar32">
<a href="/users/1140227/george"><div class="gravatar-wrapper-32"><img src="https://i.stack.imgur.com/JLyN0.jpg?s=32&amp;g=1" alt="" width="32" height="32"></div></a>
</div>
<div class="user-details">
<a href="/users/1140227/george">George</a><br>
<span class="reputation-score" title="reputation score " dir="ltr">2,602</span><span title="4 gold badges"><span class="badge1"></span><span class="badgecount">4</span></span><span title="20 silver badges"><span class="badge2"></span><span class="badgecount">20</span></span><span title="40 bronze badges"><span class="badge3"></span><span class="badgecount">40</span></span>
</div>
</div>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td class="votecell"></td>
<td>
<div id="comments-22331292" class="comments ">
<table>
<tbody data-remaining-comments-count="0"
data-canpost="false"
data-cansee="true"
data-comments-unavailable="false"
data-addlink-disabled="true">
<tr id="comment-41010566" class="comment ">
<td>
<table>
<tbody>
<tr>
<td class=" comment-score">
&nbsp;&nbsp;
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">This snippet works perfectly for me. But I don&#39;t understand what it does :D</span>
&ndash;&nbsp;<a href="/users/1059828/abimelex"
title="2355 reputation"
class="comment-user">abimelex</a>
<span class="comment-date" dir="ltr"><span title="2014-10-02 11:51:57Z" class="relativetime-clean">Oct 2 '14 at 11:51</span></span>
</div>
</td>
</tr>
<tr id="comment-49416519" class="comment ">
<td>
<table>
<tbody>
<tr>
<td class=" comment-score">
&nbsp;&nbsp;
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">this worked for me, although i had to add a &#39;^&#39; i.e.... SetEnvIf Origin &quot;^http(s)?://(www\.)?</span>
&ndash;&nbsp;<a href="/users/414092/gypsydev"
title="128 reputation"
class="comment-user">gypsyDev</a>
<span class="comment-date" dir="ltr"><span title="2015-06-06 00:04:25Z" class="relativetime-clean">Jun 6 at 0:04</span></span>
<span class="edited-yes" title="this comment was edited 1 time"></span>
</div>
</td>
</tr>
<tr id="comment-50298005" class="comment ">
<td>
<table>
<tbody>
<tr>
<td class=" comment-score">
&nbsp;&nbsp;
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">It does pretty much the same as <a href="http://stackoverflow.com/a/14034228/209139">stackoverflow.com/a/14034228/209139</a>. It&#39;s just that .htaccess syntax is a lot harder to read than PHP. <code>Header set Vary Origin</code> would be a nice addition to this answer.</span>
&ndash;&nbsp;<a href="/users/209139/trig"
title="4593 reputation"
class="comment-user">TRiG</a>
<span class="comment-date" dir="ltr"><span title="2015-06-30 16:36:16Z" class="relativetime-clean">Jun 30 at 16:36</span></span>
</div>
</td>
</tr>
</tbody>
</table>
</div>
<div id="comments-link-22331292" data-rep=50 data-anon=true>
<a class="js-add-link comments-link disabled-link "
title="Use comments to ask for more information or suggest improvements. Avoid comments like “+1” or “thanks”."
>add a comment</a><span class="js-link-separator dno">&nbsp;|&nbsp;</span>
<a class="js-show-link comments-link dno" title="expand to show all comments on this post" href=# onclick=""></a>
</div>
</td>
</tr> </table>
</div>
<a name="12818477"></a>
<div id="answer-12818477" class="answer" data-answerid="12818477" itemscope itemtype="http://schema.org/Answer">
<table>
<tr>
<td class="votecell">
<div class="vote">
<input type="hidden" name="_id_" value="12818477">
<a class="vote-up-off" title="This answer is useful">up vote</a>
<span itemprop="upvoteCount" class="vote-count-post ">4</span>
<a class="vote-down-off" title="This answer is not useful">down vote</a>
</div>
</td>
<td class="answercell">
<div class="post-text" itemprop="text">
<p>Maybe I'm wrong .. but as far as I can see Access-Control-Allow-Origin has an "origin-list" as parameter.</p>
<p>By <a href="http://www.w3.org/TR/cors/#access-control-allow-origin-response-header" rel="nofollow">definition</a> an origin-list is:</p>
<pre><code>origin = "origin" ":" 1*WSP [ "null" / origin-list ]
origin-list = serialized-origin *( 1*WSP serialized-origin )
serialized-origin = scheme "://" host [ ":" port ]
; &lt;scheme&gt;, &lt;host&gt;, &lt;port&gt; productions from RFC3986
</code></pre>
<p>And from this I argue different origins are admitted and should be <strong>space separated</strong> ...</p>
</div>
<table class="fw">
<tr>
<td class="vt">
<div class="post-menu"><a href="/a/12818477" title="short permalink to this answer" class="short-link" id="link-post-12818477">share</a><span class="lsep">|</span><a href="/posts/12818477/edit" class="suggest-edit-post" title="">improve this answer</a></div> </td>
<td align="right" class="post-signature">
<div class="user-info user-hover">
<div class="user-action-time">
answered <span title="2012-10-10 11:40:59Z" class="relativetime">Oct 10 '12 at 11:40</span>
</div>
<div class="user-gravatar32">
<a href="/users/136338/albert"><div class="gravatar-wrapper-32"><img src="https://www.gravatar.com/avatar/d61767a2df7cfc484c653c27193a34d1?s=32&amp;d=identicon&amp;r=PG" alt="" width="32" height="32"></div></a>
</div>
<div class="user-details">
<a href="/users/136338/albert">AlberT</a><br>
<span class="reputation-score" title="reputation score " dir="ltr">6,169</span><span title="2 gold badges"><span class="badge1"></span><span class="badgecount">2</span></span><span title="21 silver badges"><span class="badge2"></span><span class="badgecount">21</span></span><span title="29 bronze badges"><span class="badge3"></span><span class="badgecount">29</span></span>
</div>
</div>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td class="votecell"></td>
<td>
<div id="comments-12818477" class="comments ">
<table>
<tbody data-remaining-comments-count="0"
data-canpost="false"
data-cansee="true"
data-comments-unavailable="false"
data-addlink-disabled="true">
<tr id="comment-18802788" class="comment ">
<td class="comment-actions">
<table>
<tbody>
<tr>
<td class=" comment-score">
<span title="number of &#39;useful comment&#39; votes received"
class="cool">1</span>
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">That does seem to be a correct interpretation of the spec; that said, the spec does not seem to be fully supported by current browsers (for example, I just tested this on Firefox 17.0 and confirmed that it will not work).</span>
&ndash;&nbsp;<a href="/users/977046/rookierick"
title="329 reputation"
class="comment-user">RookieRick</a>
<span class="comment-date" dir="ltr"><span title="2012-12-03 23:59:47Z" class="relativetime-clean">Dec 3 '12 at 23:59</span></span>
<span class="edited-yes" title="this comment was edited 1 time"></span>
</div>
</td>
</tr>
<tr id="comment-20968210" class="comment ">
<td class="comment-actions">
<table>
<tbody>
<tr>
<td class=" comment-score">
<span title="number of &#39;useful comment&#39; votes received"
class="warm">5</span>
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">The <a href="http://www.w3.org/TR/cors/#access-control-allow-origin-response-header" rel="nofollow">CORS specification</a> section <code>5.1 Access-Control-Allow-Origin Response Header</code> states that origin-list is constrained: <i>Rather than allowing a space-separated list of origins, it is either a single origin or the string &quot;null&quot;.</i></span>
&ndash;&nbsp;<a href="/users/244994/maxpolk"
title="795 reputation"
class="comment-user">maxpolk</a>
<span class="comment-date" dir="ltr"><span title="2013-02-18 16:19:38Z" class="relativetime-clean">Feb 18 '13 at 16:19</span></span>
</div>
</td>
</tr>
<tr id="comment-48169437" class="comment ">
<td>
<table>
<tbody>
<tr>
<td class=" comment-score">
&nbsp;&nbsp;
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">As I mentioned in a comment on my own answer, that&#39;s part of a implementors note, not an RFC 2119 requirement. The &#39;correct&#39; answer absolutely is to use space-delimited values. The problem is simply that the implementations are incomplete and so the &#39;correct&#39; answer doesn&#39;t necessarily work. It should, but it doesn&#39;t. However, in the future, as implementations get better, this may change.</span>
&ndash;&nbsp;<a href="/users/90723/bob-aman"
title="22680 reputation"
class="comment-user">Bob Aman</a>
<span class="comment-date" dir="ltr"><span title="2015-05-04 09:02:17Z" class="relativetime-clean">May 4 at 9:02</span></span>
</div>
</td>
</tr>
</tbody>
</table>
</div>
<div id="comments-link-12818477" data-rep=50 data-anon=true>
<a class="js-add-link comments-link disabled-link "
title="Use comments to ask for more information or suggest improvements. Avoid comments like “+1” or “thanks”."
>add a comment</a><span class="js-link-separator dno">&nbsp;|&nbsp;</span>
<a class="js-show-link comments-link dno" title="expand to show all comments on this post" href=# onclick=""></a>
</div>
</td>
</tr> </table>
</div>
<a name="27879729"></a>
<div id="answer-27879729" class="answer" data-answerid="27879729" itemscope itemtype="http://schema.org/Answer">
<table>
<tr>
<td class="votecell">
<div class="vote">
<input type="hidden" name="_id_" value="27879729">
<a class="vote-up-off" title="This answer is useful">up vote</a>
<span itemprop="upvoteCount" class="vote-count-post ">3</span>
<a class="vote-down-off" title="This answer is not useful">down vote</a>
</div>
</td>
<td class="answercell">
<div class="post-text" itemprop="text">
<p>For Nginx users to allow CORS for multiple domains. I like the @marshall's example although his anwers only matches one domain. To match a list of domain and subdomain this regex make it ease to work with fonts:</p>
<pre><code>location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
if ( $http_origin ~* (https?://(.+\.)?(domain1|domain2|domain3)\.(?:me|co|com)$) ) {
add_header "Access-Control-Allow-Origin" "$http_origin";
}
}
</code></pre>
<p>This will only echo "Access-Control-Allow-Origin" headers that matches with the given list of domains.</p>
</div>
<table class="fw">
<tr>
<td class="vt">
<div class="post-menu"><a href="/a/27879729" title="short permalink to this answer" class="short-link" id="link-post-27879729">share</a><span class="lsep">|</span><a href="/posts/27879729/edit" class="suggest-edit-post" title="">improve this answer</a></div> </td>
<td align="right" class="post-signature">
<div class="user-info ">
<div class="user-action-time">
answered <span title="2015-01-10 18:31:14Z" class="relativetime">Jan 10 at 18:31</span>
</div>
<div class="user-gravatar32">
<a href="/users/2845262/adriano-rosa"><div class="gravatar-wrapper-32"><img src="https://i.stack.imgur.com/tVHlh.jpg?s=32&amp;g=1" alt="" width="32" height="32"></div></a>
</div>
<div class="user-details">
<a href="/users/2845262/adriano-rosa">Adriano Rosa</a><br>
<span class="reputation-score" title="reputation score " dir="ltr">775</span><span title="7 silver badges"><span class="badge2"></span><span class="badgecount">7</span></span><span title="11 bronze badges"><span class="badge3"></span><span class="badgecount">11</span></span>
</div>
</div>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td class="votecell"></td>
<td>
<div id="comments-27879729" class="comments dno">
<table>
<tbody data-remaining-comments-count="0"
data-canpost="false"
data-cansee="true"
data-comments-unavailable="false"
data-addlink-disabled="true">
<tr><td></td><td></td></tr>
</tbody>
</table>
</div>
<div id="comments-link-27879729" data-rep=50 data-anon=true>
<a class="js-add-link comments-link disabled-link "
title="Use comments to ask for more information or suggest improvements. Avoid comments like “+1” or “thanks”."
>add a comment</a><span class="js-link-separator dno">&nbsp;|&nbsp;</span>
<a class="js-show-link comments-link dno" title="expand to show all comments on this post" href=# onclick=""></a>
</div>
</td>
</tr> </table>
</div>
<a name="28552592"></a>
<div id="answer-28552592" class="answer" data-answerid="28552592" itemscope itemtype="http://schema.org/Answer">
<table>
<tr>
<td class="votecell">
<div class="vote">
<input type="hidden" name="_id_" value="28552592">
<a class="vote-up-off" title="This answer is useful">up vote</a>
<span itemprop="upvoteCount" class="vote-count-post ">3</span>
<a class="vote-down-off" title="This answer is not useful">down vote</a>
</div>
</td>
<td class="answercell">
<div class="post-text" itemprop="text">
<p>I struggled to set this up for a domain running HTTPS, so I figured I would share the solution. I used the following directive in my <em>httpd.conf</em> file:</p>
<pre><code> &lt;FilesMatch "\.(ttf|otf|eot|woff)$"&gt;
SetEnvIf Origin "^http(s)?://(.+\.)?example\.com$" AccessControlAllowOrigin=$0
Header set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
&lt;/FilesMatch&gt;
</code></pre>
<p>Change <code>example.com</code> to your domain name. Add this inside <code>&lt;VirtualHost x.x.x.x:xx&gt;</code> in your <em>httpd.conf</em> file. Notice that if your <code>VirtualHost</code> has a port suffix (e.g. <code>:80</code>) then this directive will not apply to HTTPS, so you will need to also go to <em>/etc/apache2/sites-available/default-ssl</em> and add the same directive in that file, inside of the <code>&lt;VirtualHost _default_:443&gt;</code> section.</p>
<p>Once the config files are updated, you will need to run the following commands in the terminal:</p>
<pre><code>a2enmod headers
sudo service apache2 reload
</code></pre>
</div>
<table class="fw">
<tr>
<td class="vt">
<div class="post-menu"><a href="/a/28552592" title="short permalink to this answer" class="short-link" id="link-post-28552592">share</a><span class="lsep">|</span><a href="/posts/28552592/edit" class="suggest-edit-post" title="">improve this answer</a></div> </td>
<td align="right" class="post-signature">
<div class="user-info user-hover">
<div class="user-action-time">
answered <span title="2015-02-17 00:12:56Z" class="relativetime">Feb 17 at 0:12</span>
</div>
<div class="user-gravatar32">
<a href="/users/1399491/alex-w"><div class="gravatar-wrapper-32"><img src="https://www.gravatar.com/avatar/a1cb3dec3a6f3411ce3460276e44b292?s=32&amp;d=identicon&amp;r=PG" alt="" width="32" height="32"></div></a>
</div>
<div class="user-details">
<a href="/users/1399491/alex-w">Alex W</a><br>
<span class="reputation-score" title="reputation score 17096" dir="ltr">17.1k</span><span title="4 gold badges"><span class="badge1"></span><span class="badgecount">4</span></span><span title="39 silver badges"><span class="badge2"></span><span class="badgecount">39</span></span><span title="55 bronze badges"><span class="badge3"></span><span class="badgecount">55</span></span>
</div>
</div>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td class="votecell"></td>
<td>
<div id="comments-28552592" class="comments ">
<table>
<tbody data-remaining-comments-count="0"
data-canpost="false"
data-cansee="true"
data-comments-unavailable="false"
data-addlink-disabled="true">
<tr id="comment-45785566" class="comment ">
<td>
<table>
<tbody>
<tr>
<td class=" comment-score">
&nbsp;&nbsp;
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">I like this option and combined/modified it with the implementation that @George has. Sometimes servers don&#39;t have a2enmod available, so all you have to do is check your main httpd.conf to see if the line: LoadModule headers_module modules/mod_headers.so is uncommented.</span>
&ndash;&nbsp;<a href="/users/634386/mike-kormendy"
title="1276 reputation"
class="comment-user">Mike Kormendy</a>
<span class="comment-date" dir="ltr"><span title="2015-02-26 20:09:39Z" class="relativetime-clean">Feb 26 at 20:09</span></span>
</div>
</td>
</tr>
<tr id="comment-48110684" class="comment ">
<td>
<table>
<tbody>
<tr>
<td class=" comment-score">
&nbsp;&nbsp;
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">My origin had a port number, so I modified the regular expression to include that: <code>^http(s)?:&#47;&#47;(.+\.)?example\.com(:\d+)?$</code></span>
&ndash;&nbsp;<a href="/users/19719/indiv"
title="9508 reputation"
class="comment-user">indiv</a>
<span class="comment-date" dir="ltr"><span title="2015-05-01 21:43:09Z" class="relativetime-clean">May 1 at 21:43</span></span>
</div>
</td>
</tr>
</tbody>
</table>
</div>
<div id="comments-link-28552592" data-rep=50 data-anon=true>
<a class="js-add-link comments-link disabled-link "
title="Use comments to ask for more information or suggest improvements. Avoid comments like “+1” or “thanks”."
>add a comment</a><span class="js-link-separator dno">&nbsp;|&nbsp;</span>
<a class="js-show-link comments-link dno" title="expand to show all comments on this post" href=# onclick=""></a>
</div>
</td>
</tr> </table>
</div>
<a name="31084390"></a>
<div id="answer-31084390" class="answer" data-answerid="31084390" itemscope itemtype="http://schema.org/Answer">
<table>
<tr>
<td class="votecell">
<div class="vote">
<input type="hidden" name="_id_" value="31084390">
<a class="vote-up-off" title="This answer is useful">up vote</a>
<span itemprop="upvoteCount" class="vote-count-post ">3</span>
<a class="vote-down-off" title="This answer is not useful">down vote</a>
</div>
</td>
<td class="answercell">
<div class="post-text" itemprop="text">
<p>For IIS 8.5 and Rewrite 2.0 you can use:</p>
<pre><code>&lt;system.webServer&gt;
&lt;httpProtocol&gt;
&lt;customHeaders&gt;
&lt;add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept" /&gt;
&lt;add name="Access-Control-Allow-Methods" value="POST,GET,OPTIONS,PUT,DELETE" /&gt;
&lt;/customHeaders&gt;
&lt;/httpProtocol&gt;
&lt;rewrite&gt;
&lt;outboundRules&gt;
&lt;clear /&gt;
&lt;rule name="AddCrossDomainHeader"&gt;
&lt;match serverVariable="RESPONSE_Access_Control_Allow_Origin" pattern=".*" /&gt;
&lt;conditions logicalGrouping="MatchAll" trackAllCaptures="true"&gt;
&lt;add input="{HTTP_ORIGIN}" pattern="(http(s)?://((.+\.)?domain1\.com|(.+\.)?domain2\.com|(.+\.)?domain3\.com))" /&gt;
&lt;/conditions&gt;
&lt;action type="Rewrite" value="{C:0}" /&gt;
&lt;/rule&gt;
&lt;/outboundRules&gt;
&lt;/rewrite&gt;
&lt;/system.webServer&gt;
</code></pre>
<p>Explaining the server variable: RESPONSE_Access_Control_Allow_Origin portion:</p>
<p>In Rewrite you can use any string after RESPONSE_ and it will create the Response Header using the rest of the word as the header name (in this case Access-Control-Allow-Origin). Rewrite uses underscores "_" instead of dashes "-" (rewrite converts them to dashes)</p>
</div>
<table class="fw">
<tr>
<td class="vt">
<div class="post-menu"><a href="/a/31084390" title="short permalink to this answer" class="short-link" id="link-post-31084390">share</a><span class="lsep">|</span><a href="/posts/31084390/edit" class="suggest-edit-post" title="">improve this answer</a></div> </td>
<td align="right" class="post-signature">
<div class="user-info ">
<div class="user-action-time">
answered <span title="2015-06-27 01:57:46Z" class="relativetime">Jun 27 at 1:57</span>
</div>
<div class="user-gravatar32">
<a href="/users/2293703/paco-zarate"><div class="gravatar-wrapper-32"><img src="https://www.gravatar.com/avatar/4b1d58db8e4a4bf569134c2613ae168e?s=32&amp;d=identicon&amp;r=PG" alt="" width="32" height="32"></div></a>
</div>
<div class="user-details">
<a href="/users/2293703/paco-zarate">Paco Zarate</a><br>
<span class="reputation-score" title="reputation score " dir="ltr">143</span><span title="5 bronze badges"><span class="badge3"></span><span class="badgecount">5</span></span>
</div>
</div>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td class="votecell"></td>
<td>
<div id="comments-31084390" class="comments ">
<table>
<tbody data-remaining-comments-count="0"
data-canpost="false"
data-cansee="true"
data-comments-unavailable="false"
data-addlink-disabled="true">
<tr id="comment-54092196" class="comment ">
<td>
<table>
<tbody>
<tr>
<td class=" comment-score">
&nbsp;&nbsp;
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">Worked like a charm, thank you!</span>
&ndash;&nbsp;<a href="/users/109458/subkamran"
title="1935 reputation"
class="comment-user">subkamran</a>
<span class="comment-date" dir="ltr"><span title="2015-10-15 05:52:37Z" class="relativetime-clean">Oct 15 at 5:52</span></span>
</div>
</td>
</tr>
</tbody>
</table>
</div>
<div id="comments-link-31084390" data-rep=50 data-anon=true>
<a class="js-add-link comments-link disabled-link "
title="Use comments to ask for more information or suggest improvements. Avoid comments like “+1” or “thanks”."
>add a comment</a><span class="js-link-separator dno">&nbsp;|&nbsp;</span>
<a class="js-show-link comments-link dno" title="expand to show all comments on this post" href=# onclick=""></a>
</div>
</td>
</tr> </table>
</div>
<a name="16362701"></a>
<div id="answer-16362701" class="answer" data-answerid="16362701" itemscope itemtype="http://schema.org/Answer">
<table>
<tr>
<td class="votecell">
<div class="vote">
<input type="hidden" name="_id_" value="16362701">
<a class="vote-up-off" title="This answer is useful">up vote</a>
<span itemprop="upvoteCount" class="vote-count-post ">1</span>
<a class="vote-down-off" title="This answer is not useful">down vote</a>
</div>
</td>
<td class="answercell">
<div class="post-text" itemprop="text">
<p>HTTP_ORIGIN is not used by all browsers. <a href="http://stackoverflow.com/questions/4566378/how-secure-http-origin-is">How secure HTTP_ORIGIN is?</a> For me it comes up empty in FF.<br>
I have the sites that I allow access to my site send over a site ID, I then check my DB for the record with that id and get the SITE_URL column value (www.yoursite.com). </p>
<pre><code>header('Access-Control-Allow-Origin: http://'.$row['SITE_URL']);
</code></pre>
<p>Even if the send over a valid site ID the request needs to be from the domain listed in my DB associated with that site ID.</p>
</div>
<table class="fw">
<tr>
<td class="vt">
<div class="post-menu"><a href="/a/16362701" title="short permalink to this answer" class="short-link" id="link-post-16362701">share</a><span class="lsep">|</span><a href="/posts/16362701/edit" class="suggest-edit-post" title="">improve this answer</a></div> </td>
<td align="right" class="post-signature">
<div class="user-info ">
<div class="user-action-time">
answered <span title="2013-05-03 15:39:29Z" class="relativetime">May 3 '13 at 15:39</span>
</div>
<div class="user-gravatar32">
<a href="/users/1198563/mathius1"><div class="gravatar-wrapper-32"><img src="https://www.gravatar.com/avatar/aa160b72e979819572393deafdeaed09?s=32&amp;d=identicon&amp;r=PG" alt="" width="32" height="32"></div></a>
</div>
<div class="user-details">
<a href="/users/1198563/mathius1">mathius1</a><br>
<span class="reputation-score" title="reputation score " dir="ltr">868</span><span title="4 silver badges"><span class="badge2"></span><span class="badgecount">4</span></span><span title="12 bronze badges"><span class="badge3"></span><span class="badgecount">12</span></span>
</div>
</div>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td class="votecell"></td>
<td>
<div id="comments-16362701" class="comments dno">
<table>
<tbody data-remaining-comments-count="0"
data-canpost="false"
data-cansee="true"
data-comments-unavailable="false"
data-addlink-disabled="true">
<tr><td></td><td></td></tr>
</tbody>
</table>
</div>
<div id="comments-link-16362701" data-rep=50 data-anon=true>
<a class="js-add-link comments-link disabled-link "
title="Use comments to ask for more information or suggest improvements. Avoid comments like “+1” or “thanks”."
>add a comment</a><span class="js-link-separator dno">&nbsp;|&nbsp;</span>
<a class="js-show-link comments-link dno" title="expand to show all comments on this post" href=# onclick=""></a>
</div>
</td>
</tr> </table>
</div>
<a name="19449927"></a>
<div id="answer-19449927" class="answer" data-answerid="19449927" itemscope itemtype="http://schema.org/Answer">
<table>
<tr>
<td class="votecell">
<div class="vote">
<input type="hidden" name="_id_" value="19449927">
<a class="vote-up-off" title="This answer is useful">up vote</a>
<span itemprop="upvoteCount" class="vote-count-post ">1</span>
<a class="vote-down-off" title="This answer is not useful">down vote</a>
</div>
</td>
<td class="answercell">
<div class="post-text" itemprop="text">
<p>Google's support answer on <a href="https://support.google.com/adxbuyer/answer/3202326?hl=en" rel="nofollow">serving ads over SSL</a> and the <a href="http://tools.ietf.org/html/rfc6454#section-7.1" rel="nofollow">grammar in the RFC itself</a> would seem to indicate that you can space delimit the URLs. Not sure how well-supported this is in different browsers.</p>
</div>
<table class="fw">
<tr>
<td class="vt">
<div class="post-menu"><a href="/a/19449927" title="short permalink to this answer" class="short-link" id="link-post-19449927">share</a><span class="lsep">|</span><a href="/posts/19449927/edit" class="suggest-edit-post" title="">improve this answer</a></div> </td>
<td align="right" class="post-signature">
<div class="user-info ">
<div class="user-action-time">
<a href="/posts/19449927/revisions" title="show all edits to this post">edited <span title="2013-10-18 12:46:03Z" class="relativetime">Oct 18 '13 at 12:46</span></a>
</div>
<div class="user-gravatar32">
</div>
<div class="user-details">
<br>
</div>
</div> </td>
<td align="right" class="post-signature">
<div class="user-info user-hover">
<div class="user-action-time">
answered <span title="2013-10-18 12:39:56Z" class="relativetime">Oct 18 '13 at 12:39</span>
</div>
<div class="user-gravatar32">
<a href="/users/90723/bob-aman"><div class="gravatar-wrapper-32"><img src="https://www.gravatar.com/avatar/56ee28134dd0776825445e3551979b14?s=32&amp;d=identicon&amp;r=PG" alt="" width="32" height="32"></div></a>
</div>
<div class="user-details">
<a href="/users/90723/bob-aman">Bob Aman</a><br>
<span class="reputation-score" title="reputation score 22680" dir="ltr">22.7k</span><span title="8 gold badges"><span class="badge1"></span><span class="badgecount">8</span></span><span title="44 silver badges"><span class="badge2"></span><span class="badgecount">44</span></span><span title="76 bronze badges"><span class="badge3"></span><span class="badgecount">76</span></span>
</div>
</div>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td class="votecell"></td>
<td>
<div id="comments-19449927" class="comments ">
<table>
<tbody data-remaining-comments-count="0"
data-canpost="false"
data-cansee="true"
data-comments-unavailable="false"
data-addlink-disabled="true">
<tr id="comment-48025748" class="comment ">
<td>
<table>
<tbody>
<tr>
<td class=" comment-score">
&nbsp;&nbsp;
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">&#39;serving ads over ssl&#39; links to the spec <a href="http://www.w3.org/TR/cors/#access-control-allow-origin-response-header" rel="nofollow">w3.org/TR/cors/#access-control-allow-origin-response-header</a> which adds a note, &quot;In practice the origin-list-or-null production is more constrained. Rather than allowing a space-separated list of origins, it is either a single origin or the string &quot;null&quot;.</span>
&ndash;&nbsp;<a href="/users/117714/spazm"
title="1951 reputation"
class="comment-user">spazm</a>
<span class="comment-date" dir="ltr"><span title="2015-04-29 19:09:13Z" class="relativetime-clean">Apr 29 at 19:09</span></span>
</div>
</td>
</tr>
<tr id="comment-48169215" class="comment ">
<td>
<table>
<tbody>
<tr>
<td class=" comment-score">
&nbsp;&nbsp;
</td>
<td>
&nbsp;
</td>
</tr>
</tbody>
</table>
</td>
<td class="comment-text">
<div style="display: block;" class="comment-body">
<span class="comment-copy">While it&#39;s important to note that detail, when a specification says &quot;In practice&quot;, it doesn&#39;t mean that it&#39;s only valid to do it that way. It means that if you do it that way, you may run into problems because the majority of implementors either implement the spec incorrectly or incompletely. The specification does allow for a space-separated list of origins, which you can see here in the EBNF under <code>origin-list</code>: <a href="http://tools.ietf.org/html/rfc6454#section-7.1" rel="nofollow">tools.ietf.org/html/rfc6454#section-7.1</a></span>
&ndash;&nbsp;<a href="/users/90723/bob-aman"
title="22680 reputation"
class="comment-user">Bob Aman</a>
<span class="comment-date" dir="ltr"><span title="2015-05-04 08:55:13Z" class="relativetime-clean">May 4 at 8:55</span></span>
</div>
</td>
</tr>
</tbody>
</table>
</div>
<div id="comments-link-19449927" data-rep=50 data-anon=true>
<a class="js-add-link comments-link disabled-link "
title="Use comments to ask for more information or suggest improvements. Avoid comments like “+1” or “thanks”."
>add a comment</a><span class="js-link-separator dno">&nbsp;|&nbsp;</span>
<a class="js-show-link comments-link dno" title="expand to show all comments on this post" href=# onclick=""></a>
</div>
</td>
</tr> </table>
</div>
<a name="24598573"></a>
<div id="answer-24598573" class="answer" data-answerid="24598573" itemscope itemtype="http://schema.org/Answer">
<table>
<tr>
<td class="votecell">
<div class="vote">
<input type="hidden" name="_id_" value="24598573">
<a class="vote-up-off" title="This answer is useful">up vote</a>
<span itemprop="upvoteCount" class="vote-count-post ">1</span>
<a class="vote-down-off" title="This answer is not useful">down vote</a>
</div>
</td>
<td class="answercell">
<div class="post-text" itemprop="text">
<p>If you are having trouble with fonts, use:</p>
<pre><code>&lt;FilesMatch "\.(ttf|ttc|otf|eot|woff)$"&gt;
&lt;IfModule mod_headers&gt;
Header set Access-Control-Allow-Origin "*"
&lt;/IfModule&gt;
&lt;/FilesMatch&gt;
</code></pre>
</div>
<table class="fw">
<tr>
<td class="vt">
<div class="post-menu"><a href="/a/24598573" title="short permalink to this answer" class="short-link" id="link-post-24598573">share</a><span class="lsep">|</span><a href="/posts/24598573/edit" class="suggest-edit-post" title="">improve this answer</a></div> </td>
<td align="right" class="post-signature">
<div class="user-info ">
<div class="user-action-time">
answered <span title="2014-07-06 17:43:55Z" class="relativetime">Jul 6 '14 at 17:43</span>
</div>
<div class="user-gravatar32">
<a href="/users/1889828/noun"><div class="gravatar-wrapper-32"><img src="https://www.gravatar.com/avatar/da1d3c13ee4273e32c261e0b611e6f30?s=32&amp;d=identicon&amp;r=PG" alt="" width="32" height="32"></div></a>
</div>
<div class="user-details">
<a href="/users/1889828/noun">noun</a><br>
<span class="reputation-score" title="reputation score " dir="ltr">1,411</span><span title="10 silver badges"><span class="badge2"></span><span class="badgecount">10</span></span><span title="15 bronze badges"><span class="badge3"></span><span class="badgecount">15</span></span>
</div>
</div>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td class="votecell"></td>
<td>
<div id="comments-24598573" class="comments dno">
<table>
<tbody data-remaining-comments-count="0"
data-canpost="false"
data-cansee="true"
data-comments-unavailable="false"
data-addlink-disabled="true">
<tr><td></td><td></td></tr>
</tbody>
</table>
</div>
<div id="comments-link-24598573" data-rep=50 data-anon=true>
<a class="js-add-link comments-link disabled-link "
title="Use comments to ask for more information or suggest improvements. Avoid comments like “+1” or “thanks”."
>add a comment</a><span class="js-link-separator dno">&nbsp;|&nbsp;</span>
<a class="js-show-link comments-link dno" title="expand to show all comments on this post" href=# onclick=""></a>
</div>
</td>
</tr> </table>
</div>
<a name="17291979"></a>
<div id="answer-17291979" class="answer" data-answerid="17291979" itemscope itemtype="http://schema.org/Answer">
<table>
<tr>
<td class="votecell">
<div class="vote">
<input type="hidden" name="_id_" value="17291979">
<a class="vote-up-off" title="This answer is useful">up vote</a>
<span itemprop="upvoteCount" class="vote-count-post ">0</span>
<a class="vote-down-off" title="This answer is not useful">down vote</a>
</div>
</td>
<td class="answercell">
<div class="post-text" itemprop="text">
<p>PHP code example for matching subdomains.</p>
<pre><code>if( preg_match("/http:\/\/(.*?)\.yourdomain.com/", $_SERVER['HTTP_ORIGIN'], $matches )) {
$theMatch = $matches[0];
header('Access-Control-Allow-Origin: ' . $theMatch);
}
</code></pre>
</div>
<table class="fw">
<tr>
<td class="vt">
<div class="post-menu"><a href="/a/17291979" title="short permalink to this answer" class="short-link" id="link-post-17291979">share</a><span class="lsep">|</span><a href="/posts/17291979/edit" class="suggest-edit-post" title="">improve this answer</a></div> </td>
<td align="right" class="post-signature">
<div class="user-info user-hover">
<div class="user-action-time">
answered <span title="2013-06-25 07:53:30Z" class="relativetime">Jun 25 '13 at 7:53</span>
</div>
<div class="user-gravatar32">
<a href="/users/67268/blak3r"><div class="gravatar-wrapper-32"><img src="https://www.gravatar.com/avatar/e5bc9ed167c173eea8e6ca7304666fd6?s=32&amp;d=identicon&amp;r=PG" alt="" width="32" height="32"></div></a>
</div>
<div class="user-details">
<a href="/users/67268/blak3r">blak3r</a><br>
<span class="reputation-score" title="reputation score " dir="ltr">6,648</span><span title="7 gold badges"><span class="badge1"></span><span class="badgecount">7</span></span><span title="46 silver badges"><span class="badge2"></span><span class="badgecount">46</span></span><span title="71 bronze badges"><span class="badge3"></span><span class="badgecount">71</span></span>
</div>
</div>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td class="votecell"></td>
<td>
<div id="comments-17291979" class="comments dno">
<table>
<tbody data-remaining-comments-count="0"
data-canpost="false"
data-cansee="true"
data-comments-unavailable="false"
data-addlink-disabled="true">
<tr><td></td><td></td></tr>
</tbody>
</table>
</div>
<div id="comments-link-17291979" data-rep=50 data-anon=true>
<a class="js-add-link comments-link disabled-link "
title="Use comments to ask for more information or suggest improvements. Avoid comments like “+1” or “thanks”."
>add a comment</a><span class="js-link-separator dno">&nbsp;|&nbsp;</span>
<a class="js-show-link comments-link dno" title="expand to show all comments on this post" href=# onclick=""></a>
</div>
</td>
</tr> </table>
</div>
<a name="32593277"></a>
<div id="answer-32593277" class="answer" data-answerid="32593277" itemscope itemtype="http://schema.org/Answer">
<table>
<tr>
<td class="votecell">
<div class="vote">
<input type="hidden" name="_id_" value="32593277">
<a class="vote-up-off" title="This answer is useful">up vote</a>
<span itemprop="upvoteCount" class="vote-count-post ">0</span>
<a class="vote-down-off" title="This answer is not useful">down vote</a>
</div>
</td>
<td class="answercell">
<div class="post-text" itemprop="text">
<p>Here's a solution for Java, based the answer from yesthatguy. For more info, <a href="http://patrickgrimard.com/2013/12/12/cross-origin-resource-sharing-cors-requests-with-spring-mvc/" rel="nofollow">http://patrickgrimard.com/2013/12/12/cross-origin-resource-sharing-cors-requests-with-spring-mvc/</a></p>
<pre><code>@Provider
public class CORSResponseFilter implements ContainerResponseFilter{
@Override
public ContainerResponse filter(ContainerRequest request,
ContainerResponse response) {
String[] allowDomain = {"http://localhost:9000","https://my.domain.com"};
Set&lt;String&gt; allowedOrigins = new HashSet&lt;String&gt;(Arrays.asList (allowDomain));
String originHeader = request.getHeaderValue("Origin");
if(allowedOrigins.contains(originHeader)) {
response.getHttpHeaders().add("Access-Control-Allow-Origin", originHeader);
response.getHttpHeaders().add("Access-Control-Allow-Headers",
"origin, content-type, accept, authorization");
response.getHttpHeaders().add("Access-Control-Allow-Credentials", "true");
response.getHttpHeaders().add("Access-Control-Allow-Methods",
"GET, POST, PUT, DELETE, OPTIONS, HEAD");
}
return response;
}
}
</code></pre>
</div>
<table class="fw">
<tr>
<td class="vt">
<div class="post-menu"><a href="/a/32593277" title="short permalink to this answer" class="short-link" id="link-post-32593277">share</a><span class="lsep">|</span><a href="/posts/32593277/edit" class="suggest-edit-post" title="">improve this answer</a></div> </td>
<td align="right" class="post-signature">
<div class="user-info ">
<div class="user-action-time">
answered <span title="2015-09-15 18:39:34Z" class="relativetime">Sep 15 at 18:39</span>
</div>
<div class="user-gravatar32">
<a href="/users/283779/duvo"><div class="gravatar-wrapper-32"><img src="https://www.gravatar.com/avatar/e72eb72b0b4438928f089c048ac00bbf?s=32&amp;d=identicon&amp;r=PG&amp;f=1" alt="" width="32" height="32"></div></a>
</div>
<div class="user-details">
<a href="/users/283779/duvo">duvo</a><br>
<span class="reputation-score" title="reputation score " dir="ltr">462</span><span title="2 gold badges"><span class="badge1"></span><span class="badgecount">2</span></span><span title="8 silver badges"><span class="badge2"></span><span class="badgecount">8</span></span><span title="17 bronze badges"><span class="badge3"></span><span class="badgecount">17</span></span>
</div>
</div>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td class="votecell"></td>
<td>
<div id="comments-32593277" class="comments dno">
<table>
<tbody data-remaining-comments-count="0"
data-canpost="false"
data-cansee="true"
data-comments-unavailable="false"
data-addlink-disabled="true">
<tr><td></td><td></td></tr>
</tbody>
</table>
</div>
<div id="comments-link-32593277" data-rep=50 data-anon=true>
<a class="js-add-link comments-link disabled-link "
title="Use comments to ask for more information or suggest improvements. Avoid comments like “+1” or “thanks”."
>add a comment</a><span class="js-link-separator dno">&nbsp;|&nbsp;</span>
<a class="js-show-link comments-link dno" title="expand to show all comments on this post" href=# onclick=""></a>
</div>
</td>
</tr> </table>
</div>
<a name="28752438"></a>
<div id="answer-28752438" class="answer" data-answerid="28752438" itemscope itemtype="http://schema.org/Answer">
<table>
<tr>
<td class="votecell">
<div class="vote">
<input type="hidden" name="_id_" value="28752438">
<a class="vote-up-off" title="This answer is useful">up vote</a>
<span itemprop="upvoteCount" class="vote-count-post ">0</span>
<a class="vote-down-off" title="This answer is not useful">down vote</a>
</div>
</td>
<td class="answercell">
<div class="post-text" itemprop="text">
<p>Here's an expanded option for apache that includes some of the latest and planned font definitions:</p>
<pre><code>&lt;FilesMatch "\.(ttf|otf|eot|woff|woff2|sfnt|svg)$"&gt;
&lt;IfModule mod_headers.c&gt;
SetEnvIf Origin "^http(s)?://(.+\.)?(domainname1|domainname2|domainname3)\.(?:com|net|org)$" AccessControlAllowOrigin=$0$1$2
Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Header set Access-Control-Allow-Credentials true
&lt;/IfModule&gt;
&lt;/FilesMatch&gt;
</code></pre>
</div>
<table class="fw">
<tr>
<td class="vt">
<div class="post-menu"><a href="/a/28752438" title="short permalink to this answer" class="short-link" id="link-post-28752438">share</a><span class="lsep">|</span><a href="/posts/28752438/edit" class="suggest-edit-post" title="">improve this answer</a></div> </td>
<td align="right" class="post-signature">
<div class="user-info ">
<div class="user-action-time">
<a href="/posts/28752438/revisions" title="show all edits to this post">edited <span title="2015-10-15 22:31:33Z" class="relativetime">Oct 15 at 22:31</span></a>
</div>
<div class="user-gravatar32">
</div>
<div class="user-details">
<br>
</div>
</div> </td>
<td align="right" class="post-signature">
<div class="user-info ">
<div class="user-action-time">
answered <span title="2015-02-26 20:46:21Z" class="relativetime">Feb 26 at 20:46</span>
</div>
<div class="user-gravatar32">
<a href="/users/634386/mike-kormendy"><div class="gravatar-wrapper-32"><img src="https://www.gravatar.com/avatar/49e049f73ecf58ecfb150634a9097bbf?s=32&amp;d=identicon&amp;r=PG" alt="" width="32" height="32"></div></a>
</div>
<div class="user-details">
<a href="/users/634386/mike-kormendy">Mike Kormendy</a><br>
<span class="reputation-score" title="reputation score " dir="ltr">1,276</span><span title="1 gold badge"><span class="badge1"></span><span class="badgecount">1</span></span><span title="7 silver badges"><span class="badge2"></span><span class="badgecount">7</span></span><span title="11 bronze badges"><span class="badge3"></span><span class="badgecount">11</span></span>
</div>
</div>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td class="votecell"></td>
<td>
<div id="comments-28752438" class="comments dno">
<table>
<tbody data-remaining-comments-count="0"
data-canpost="false"
data-cansee="true"
data-comments-unavailable="false"
data-addlink-disabled="true">
<tr><td></td><td></td></tr>
</tbody>
</table>
</div>
<div id="comments-link-28752438" data-rep=50 data-anon=true>
<a class="js-add-link comments-link disabled-link "
title="Use comments to ask for more information or suggest improvements. Avoid comments like “+1” or “thanks”."
>add a comment</a><span class="js-link-separator dno">&nbsp;|&nbsp;</span>
<a class="js-show-link comments-link dno" title="expand to show all comments on this post" href=# onclick=""></a>
</div>
</td>
</tr> </table>
</div>
<a name="33613114"></a>
<div id="answer-33613114" class="answer" data-answerid="33613114" itemscope itemtype="http://schema.org/Answer">
<table>
<tr>
<td class="votecell">
<div class="vote">
<input type="hidden" name="_id_" value="33613114">
<a class="vote-up-off" title="This answer is useful">up vote</a>
<span itemprop="upvoteCount" class="vote-count-post ">0</span>
<a class="vote-down-off" title="This answer is not useful">down vote</a>
</div>
</td>
<td class="answercell">
<div class="post-text" itemprop="text">
<p>As mentioned above, Access-Control-Allow-Origin should be unique and Vary should be set to Origin if you are behind a CDN.
Relevant part of my Nginx conf:</p>
<pre><code>if ($http_origin ~* (https?://.*\.mydomain.com(:[0-9]+)?))
set $cors "true";
}
if ($cors = "true") {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'X-Frame-Options' "ALLOW FROM $http_origin";
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Vary' 'Origin';
}
</code></pre>
</div>
<table class="fw">
<tr>
<td class="vt">
<div class="post-menu"><a href="/a/33613114" title="short permalink to this answer" class="short-link" id="link-post-33613114">share</a><span class="lsep">|</span><a href="/posts/33613114/edit" class="suggest-edit-post" title="">improve this answer</a></div> </td>
<td align="right" class="post-signature">
<div class="user-info ">
<div class="user-action-time">
answered <span title="2015-11-09 15:59:29Z" class="relativetime">Nov 9 at 15:59</span>
</div>
<div class="user-gravatar32">
<a href="/users/3365529/ouiea"><div class="gravatar-wrapper-32"><img src="https://www.gravatar.com/avatar/bdb4564e0822d343fc0175f7243d9f10?s=32&amp;d=identicon&amp;r=PG" alt="" width="32" height="32"></div></a>
</div>
<div class="user-details">
<a href="/users/3365529/ouiea">ouiea</a><br>
<span class="reputation-score" title="reputation score " dir="ltr">24</span><span title="2 bronze badges"><span class="badge3"></span><span class="badgecount">2</span></span>
</div>
</div>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td class="votecell"></td>
<td>
<div id="comments-33613114" class="comments dno">
<table>
<tbody data-remaining-comments-count="0"
data-canpost="false"
data-cansee="true"
data-comments-unavailable="false"
data-addlink-disabled="true">
<tr><td></td><td></td></tr>
</tbody>
</table>
</div>
<div id="comments-link-33613114" data-rep=50 data-anon=true>
<a class="js-add-link comments-link disabled-link "
title="Use comments to ask for more information or suggest improvements. Avoid comments like “+1” or “thanks”."
>add a comment</a><span class="js-link-separator dno">&nbsp;|&nbsp;</span>
<a class="js-show-link comments-link dno" title="expand to show all comments on this post" href=# onclick=""></a>
</div>
</td>
</tr> </table>
</div>
<a name="29368146"></a>
<div id="answer-29368146" class="answer" data-answerid="29368146" itemscope itemtype="http://schema.org/Answer">
<table>
<tr>
<td class="votecell">
<div class="vote">
<input type="hidden" name="_id_" value="29368146">
<a class="vote-up-off" title="This answer is useful">up vote</a>
<span itemprop="upvoteCount" class="vote-count-post ">-1</span>
<a class="vote-down-off" title="This answer is not useful">down vote</a>
</div>
</td>
<td class="answercell">
<div class="post-text" itemprop="text">
<p>We can also set this in Global.asax file for Asp.net application.</p>
<pre><code>protected void Application_BeginRequest(object sender, EventArgs e)
{
// enable CORS
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "https://www.youtube.com");
}
</code></pre>
</div>
<table class="fw">
<tr>
<td class="vt">
<div class="post-menu"><a href="/a/29368146" title="short permalink to this answer" class="short-link" id="link-post-29368146">share</a><span class="lsep">|</span><a href="/posts/29368146/edit" class="suggest-edit-post" title="">improve this answer</a></div> </td>
<td align="right" class="post-signature">
<div class="user-info user-hover">
<div class="user-action-time">
answered <span title="2015-03-31 11:59:45Z" class="relativetime">Mar 31 at 11:59</span>
</div>
<div class="user-gravatar32">
<a href="/users/1395266/sudhansu63"><div class="gravatar-wrapper-32"><img src="https://i.stack.imgur.com/FYakp.jpg?s=32&amp;g=1" alt="" width="32" height="32"></div></a>
</div>
<div class="user-details">
<a href="/users/1395266/sudhansu63">sudhAnsu63</a><br>
<span class="reputation-score" title="reputation score " dir="ltr">3,029</span><span title="3 gold badges"><span class="badge1"></span><span class="badgecount">3</span></span><span title="13 silver badges"><span class="badge2"></span><span class="badgecount">13</span></span><span title="34 bronze badges"><span class="badge3"></span><span class="badgecount">34</span></span>
</div>
</div>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td class="votecell"></td>
<td>
<div id="comments-29368146" class="comments dno">
<table>
<tbody data-remaining-comments-count="0"
data-canpost="false"
data-cansee="true"
data-comments-unavailable="false"
data-addlink-disabled="true">
<tr><td></td><td></td></tr>
</tbody>
</table>
</div>
<div id="comments-link-29368146" data-rep=50 data-anon=true>
<a class="js-add-link comments-link disabled-link "
title="Use comments to ask for more information or suggest improvements. Avoid comments like “+1” or “thanks”."
>add a comment</a><span class="js-link-separator dno">&nbsp;|&nbsp;</span>
<a class="js-show-link comments-link dno" title="expand to show all comments on this post" href=# onclick=""></a>
</div>
</td>
</tr> </table>
</div>
<div class="question-status">
<h2> <b>protected</b> by <a href="/users/-1/community">Community</a><span class="mod-flair" title="moderator">&#9830;</span> <span dir="ltr"><span title="2012-06-13 11:10:27Z" class="relativetime">Jun 13 '12 at 11:10</span></span>
</h2>
<p>
Thank you for your interest in this question.
Because it has attracted low-quality answers, posting an answer now requires 10 <a href="/help/whats-reputation">reputation</a> on this site.
<br /><br />
Would you like to answer one of these <a href="/unanswered?fromProtectedNotice=true">unanswered questions</a> instead?
</p>
</div>
<h2 class="bottom-notice" data-loc="1">
Not the answer you&#39;re looking for? Browse other questions tagged <a href="/questions/tagged/http" class="post-tag" title="show questions tagged &#39;http&#39;" rel="tag">http</a> <a href="/questions/tagged/.htaccess" class="post-tag" title="show questions tagged &#39;.htaccess&#39;" rel="tag">.htaccess</a> <a href="/questions/tagged/xmlhttprequest" class="post-tag" title="show questions tagged &#39;xmlhttprequest&#39;" rel="tag">xmlhttprequest</a> <a href="/questions/tagged/cross-domain" class="post-tag" title="show questions tagged &#39;cross-domain&#39;" rel="tag">cross-domain</a> or <a href="/questions/ask">ask your own question</a>. </h2>
</div>
</div>
<div id="sidebar" class="show-votes">
<div class="module question-stats">
<table id="qinfo">
<tr>
<td>
<p class="label-key">asked</p>
</td>
<td style="padding-left: 10px">
<p class="label-key" title="2009-10-31 03:27:44Z"><b>6 years ago</b></p>
</td>
</tr>
<tr>
<td>
<p class="label-key">viewed</p>
</td>
<td style="padding-left: 10px">
<p class="label-key">
<b>321256 times</b>
</p>
</td>
</tr>
<tr>
<td>
<p class="label-key">active</p>
</td>
<td style="padding-left: 10px">
<p class="label-key"><b><a href="?lastactivity" class="lastactivity-link" title="2015-11-09 15:59:29Z">9 days ago</a></b></p>
</td>
</tr>
</table>
</div>
<div class="module community-bulletin" data-tracker="cb=1">
<div class="related">
<div class="bulletin-title">
Upcoming Events
</div>
<hr />
<div class="spacer bulletin-item-important">
<div class="bulletin-item-type"><a href="http://stackoverflow.com/election" class="question-hyperlink"><div class="favicon favicon-stackoverflow" title="Stack Overflow"></div></a></div>
<div class="bulletin-item-content">
<a href="http://stackoverflow.com/election" class="question-hyperlink">2015 Community Moderator Election</a>
<div>ends <span title="2015-11-24 20:00:00Z" class="relativetime">in 6 days</span></div>
</div>
<br class="cbt" />
</div>
<div class="bulletin-title">
Blog
</div>
<hr />
<div class="spacer">
<div class="bulletin-item-type">
<a href="http://blog.stackoverflow.com/2015/11/how-to-target-your-job-listing/" class="question-hyperlink">
<div class="favicon favicon-stackexchangemeta" title="Meta Stack Exchange"></div> </a>
</div>
<div class="bulletin-item-content">
<a href="http://blog.stackoverflow.com/2015/11/how-to-target-your-job-listing/" class="question-hyperlink">How To Target Job Listings Effectively</a>
</div>
<br class="cbt" />
</div>
</div>
</div>
<script>
var ados = ados || {}; ados.run = ados.run || [];
ados.run.push(function () { ados_add_placement(22,8277,"adzerk1554053997",[17,2221]).setZone(45); });
</script>
<div class="everyonelovesstackoverflow" id="adzerk1554053997">
</div>
<div id="hireme">
<script>
(function(){function f(t,r,f,e){var s=(r.cl||[]).join(" "),o=i.getElementById(t);o&&(s&&(o.className+=" "+s),o.innerHTML=r.cn.replace("&pt=0","&pt="+(e||"0")),o.onmousedown=function(t){var i,s,e,h,c,l;for(console.log(),i=t.target;i.tagName!=="A"&&i!==o;)i=i.parentNode;if(i!=o){for(s=n.enc,e=f,r.an&&(e+="?an="+r.an),h=0;h<i.attributes.length;++h)c=i.attributes[h],l=c.name.match(/^data-(.*)$/),l&&(e+="&"+s(l[1])+"="+s(c.value));e+="&utm="+s(u+r.utm);i.href=e}})}function e(){return[].map.call(n.qsa(".post-taglist .post-tag"),function(n){return n.innerText}).join(";")||null}if(!window.clc){var t=window,i=document,r=i.getElementsByTagName("head")[0],u="&utm_source="+location.hostname+"&utm_medium=ad&utm_campaign=",n={doc:i,head:r,enc:encodeURIComponent,dec:decodeURIComponent,se:t.StackExchange,ts:function(){return(new Date).getTime()},st:setTimeout,ct:clearTimeout,qsa:function(n){return document.querySelectorAll(n)}};n.as=function(n){var t=i.createElement("link");t.type="text/css";t.rel="stylesheet";t.href=n;r.appendChild(t)};n.ls=function(n,t,u){var f=i.createElement("script"),e=!1;f.async=!0;f.src=n;t&&(f.onload=f.onreadystatechange=function(){e||this.readyState&&this.readyState!=="loaded"&&this.readyState!=="complete"||(e=!0,t(f),f.onload=f.onreadystatechange=null,u&&f.parentNode.removeChild(f))});r.appendChild(f)};n.init=function(i){function o(){i.st.forEach(n.as);u.forEach(function(n){f(n,i.cr[n],r,e)});typeof t.clc_after_init=="function"&&t.clc_after_init()}var u=Object.keys(i.cr),r="//"+i.h+i.ct,e=n.cps?n.ts()-n.cps:0;i.an&&(r+="?an="+i.an);o()};n.lo=function(i){var u,f=t.location.hash,s=n.dec,r=n.se,o;i=i||{};switch(f){case"#large":i.l=1;break;case"#abort":i.abort=1;break;default:f.length>0&&f.substr(1).split("&").forEach(function(n){var t=n.split("=",2);this[s(t[0])]=s(t[1])},i)}return o=i.ac||i.accountid||r&&r.options&&r.options.user&&r.options.user.accountId,o&&(i.ac=o),i.tags||(u=e(),u&&(i.tags=u)),i};n.o2q=function(t,i){var r=n.enc;return Object.keys(t).filter(function(n){return i.indexOf(n)!==-1}).map(function(n){return r(n)+"="+r(t[n])}).join("&")};n.load=function(i,r,u){n.ls(i+"?"+n.o2q(r,u),function(){typeof t.clc_loaded=="function"&&t.clc_loaded()});n.cps=n.ts()};n.el=function(t){var i=n.qsa(t);return i.length>0?i[0]:null};n.hc=function(n){return n&&n.innerHTML&&n.innerHTML.replace(/\s+/g,"").length>0};n.wfc=function(t,i,r,u){function c(){n.hc(s)?(f(o),f(e),u(!0)):e=h(c,i)}function l(){f(e);u(!1)}var s=n.el(t),h=n.st,f=n.ct,o,e;if(s!==null)return c(),r&&(o=h(l,r)),function(){e&&f(e);o&&f(o)}};t.clc=n}})();;(function(n){function c(){var n=t.el(f);t.hc(n)||(n.parentNode.removeChild(n),typeof u=="function"&&u())}function l(u){if(!e){e=!0;var f=t.qsa("#"+i.d);f.length!==0&&(u||(i.azt=!0),i.lw=t.ts()-s,i.l||document.getElementById("careersadsdoublehigh")===null||(i.l=1),typeof r.innerWidth=="number"&&(i.bw=r.innerWidth),t.load(n.adurl,i,["d","l","ip","ac","eng","prov","tags","theme","remote","seed","lw","azt","sysadmin","bw"]))}}var r=window,t=r.clc,s=t.ts(),h=t.st,v=t.ct,f="#sidebar [id^='adzerk'].everyonelovesstackoverflow",i=t.lo({d:"hireme"}),e,u,o,a;i.abort||(o=null,u=t.wfc(f,20,o,l),a=h(c,2e3))}).call(null, {"adurl":"//clc.stackoverflow.com/j/p.js"}); </script>
</div>
<div class="module sidebar-linked">
<h4 id="h-linked">Linked</h4>
<div class="linked" data-tracker="lq=1">
<div class="spacer">
<a href="/q/26996446" title="Vote score (upvotes - downvotes)">
<div class="answer-votes answered-accepted default">0</div>
</a>
<a href="/questions/26996446/how-to-implement-cors-access-control-allow-origin-correctly" class="question-hyperlink">How to implement CORS (Access-Control-Allow-Origin) correctly?</a>
</div><div class="spacer">
<a href="/q/7564832" title="Vote score (upvotes - downvotes)">
<div class="answer-votes answered-accepted default">59</div>
</a>
<a href="/questions/7564832/how-to-bypass-access-control-allow-origin" class="question-hyperlink">how to bypass Access-Control-Allow-Origin?</a>
</div><div class="spacer">
<a href="/q/5008944" title="Vote score (upvotes - downvotes)">
<div class="answer-votes answered-accepted default">71</div>
</a>
<a href="/questions/5008944/how-to-add-an-access-control-allow-origin-header" class="question-hyperlink">How to add an Access-Control-Allow-Origin header</a>
</div><div class="spacer">
<a href="/q/2892691" title="Vote score (upvotes - downvotes)">
<div class="answer-votes answered-accepted default">44</div>
</a>
<a href="/questions/2892691/font-face-fonts-only-work-on-their-own-domain" class="question-hyperlink">@font-face fonts only work on their own domain</a>
</div><div class="spacer">
<a href="/q/19743396" title="Vote score (upvotes - downvotes)">
<div class="answer-votes answered-accepted default">47</div>
</a>
<a href="/questions/19743396/cors-cannot-use-wildcard-in-access-control-allow-origin-when-credentials-flag-i" class="question-hyperlink">CORS: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true</a>
</div><div class="spacer">
<a href="/q/4566378" title="Vote score (upvotes - downvotes)">
<div class="answer-votes default">5</div>
</a>
<a href="/questions/4566378/how-secure-is-http-origin" class="question-hyperlink">How secure is HTTP_ORIGIN?</a>
</div><div class="spacer">
<a href="/q/9466496" title="Vote score (upvotes - downvotes)">
<div class="answer-votes default">11</div>
</a>
<a href="/questions/9466496/how-to-configure-apache-to-handle-multiple-domains-with-access-control-allow-ori" class="question-hyperlink">How to configure apache to handle multiple domains with Access-Control-Allow-Origin header?</a>
</div><div class="spacer">
<a href="/q/8074665" title="Vote score (upvotes - downvotes)">
<div class="answer-votes answered-accepted default">14</div>
</a>
<a href="/questions/8074665/cross-origin-resource-sharing-with-credentials" class="question-hyperlink">Cross Origin Resource Sharing with Credentials</a>
</div><div class="spacer">
<a href="/q/9614605" title="Vote score (upvotes - downvotes)">
<div class="answer-votes answered-accepted default">7</div>
</a>
<a href="/questions/9614605/cross-origin-resource-sharing-for-tomcat-5-5" class="question-hyperlink">Cross-origin resource sharing for Tomcat 5.5</a>
</div><div class="spacer">
<a href="/q/27009425" title="Vote score (upvotes - downvotes)">
<div class="answer-votes answered-accepted default">7</div>
</a>
<a href="/questions/27009425/how-can-i-fix-the-missing-cross-origin-resource-sharing-cors-response-header" class="question-hyperlink">How can I fix the &#39;Missing Cross-Origin Resource Sharing (CORS) Response Header&#39; webfont issue?</a>
</div> <div class="spacer more">
<a href="/questions/linked/1653308">see more linked questions…</a>
</div>
</div>
</div>
<div class="module sidebar-related">
<h4 id="h-related">Related</h4>
<div class="related js-gps-related-questions" data-tracker="rq=1">
<div class="spacer">
<a href="/q/3595515" title="Vote score (upvotes - downvotes)">
<div class="answer-votes answered-accepted large">408
</div>
</a><a href="/questions/3595515/xmlhttprequest-error-origin-null-is-not-allowed-by-access-control-allow-origin" class="question-hyperlink">XmlHttpRequest error: Origin null is not allowed by Access-Control-Allow-Origin</a>
</div>
<div class="spacer">
<a href="/q/4718231" title="Vote score (upvotes - downvotes)">
<div class="answer-votes default">0
</div>
</a><a href="/questions/4718231/jquery-load-access-control-allow-origin" class="question-hyperlink">jQuery .load() Access-Control-Allow-Origin</a>
</div>
<div class="spacer">
<a href="/q/5224017" title="Vote score (upvotes - downvotes)">
<div class="answer-votes answered-accepted default">49
</div>
</a><a href="/questions/5224017/origin-null-is-not-allowed-by-access-control-allow-origin-in-chrome-why" class="question-hyperlink">&ldquo;Origin null is not allowed by Access-Control-Allow-Origin&rdquo; in Chrome. Why?</a>
</div>
<div class="spacer">
<a href="/q/8634874" title="Vote score (upvotes - downvotes)">
<div class="answer-votes answered-accepted default">1
</div>
</a><a href="/questions/8634874/chrome-extension-xhr-cross-domain-request-gives-erroris-not-allowed-by-access" class="question-hyperlink">Chrome extension xhr cross domain request gives error:&ldquo;is not allowed by Access-Control-Allow-Origin.&rdquo;</a>
</div>
<div class="spacer">
<a href="/q/10636611" title="Vote score (upvotes - downvotes)">
<div class="answer-votes answered-accepted large">193
</div>
</a><a href="/questions/10636611/how-does-access-control-allow-origin-header-work" class="question-hyperlink">How does Access-Control-Allow-Origin header work?</a>
</div>
<div class="spacer">
<a href="/q/12744278" title="Vote score (upvotes - downvotes)">
<div class="answer-votes answered-accepted default">7
</div>
</a><a href="/questions/12744278/access-control-allow-origin-syntax" class="question-hyperlink">Access-Control-Allow-Origin syntax</a>
</div>
<div class="spacer">
<a href="/q/18286786" title="Vote score (upvotes - downvotes)">
<div class="answer-votes answered-accepted default">0
</div>
</a><a href="/questions/18286786/cross-domain-xhr-failing-inspite-of-access-control-allow-origin-header" class="question-hyperlink">Cross Domain XHR failing inspite of Access-Control-Allow-Origin header</a>
</div>
<div class="spacer">
<a href="/q/20673882" title="Vote score (upvotes - downvotes)">
<div class="answer-votes default">14
</div>
</a><a href="/questions/20673882/handle-multiple-domains-with-access-control-allow-origin-header-in-apache" class="question-hyperlink">handle multiple domains with Access-Control-Allow-Origin header in Apache</a>
</div>
<div class="spacer">
<a href="/q/25309318" title="Vote score (upvotes - downvotes)">
<div class="answer-votes answered-accepted default">8
</div>
</a><a href="/questions/25309318/best-method-access-control-allow-origin-multiple-origin-domains" class="question-hyperlink">Best method: Access-Control-Allow-Origin Multiple Origin Domains</a>
</div>
<div class="spacer">
<a href="/q/30319437" title="Vote score (upvotes - downvotes)">
<div class="answer-votes default">2
</div>
</a><a href="/questions/30319437/http-access-control-allow-origin-multiple-domains" class="question-hyperlink">HTTP - Access-Control-Allow-Origin multiple domains</a>
</div>
</div>
</div>
<div id="hot-network-questions" class="module">
<h4>
<a href="//stackexchange.com/questions?tab=hot"
class="js-gps-track"
data-gps-track="posts_hot_network.click({ item_type:1, location:11 })">
Hot Network Questions
</a>
</h4>
<ul>
<li >
<div class="favicon favicon-rpg" title="Role-playing Games Stack Exchange"></div><a href="http://rpg.stackexchange.com/questions/71172/can-you-cast-polymorph-on-a-dead-thing" class="js-gps-track" data-gps-track="site.switch({ item_type:11, target_site:122 }); posts_hot_network.click({ item_type:2, location:11 })">
Can you cast polymorph on a dead thing?
</a>
</li>
<li >
<div class="favicon favicon-rpg" title="Role-playing Games Stack Exchange"></div><a href="http://rpg.stackexchange.com/questions/71211/can-a-monk-wear-mage-armor-without-losing-their-wisdom-bonus-to-ac" class="js-gps-track" data-gps-track="site.switch({ item_type:11, target_site:122 }); posts_hot_network.click({ item_type:2, location:11 })">
Can a monk “wear” Mage Armor without losing their wisdom bonus to AC?
</a>
</li>
<li >
<div class="favicon favicon-academia" title="Academia Stack Exchange"></div><a href="http://academia.stackexchange.com/questions/58382/sign-application-cover-letter-with-phd-or-not" class="js-gps-track" data-gps-track="site.switch({ item_type:11, target_site:415 }); posts_hot_network.click({ item_type:2, location:11 })">
Sign application cover letter with &quot;PhD&quot; or not?
</a>
</li>
<li >
<div class="favicon favicon-matheducators" title="Mathematics Educators Stack Exchange"></div><a href="http://matheducators.stackexchange.com/questions/10004/what-could-be-good-non-mathematical-analogies-to-explain-the-difference-between" class="js-gps-track" data-gps-track="site.switch({ item_type:11, target_site:548 }); posts_hot_network.click({ item_type:2, location:11 })">
What could be good non-mathematical analogies to explain the difference between the words theorem, proposition, lemma and corollaries?
</a>
</li>
<li >
<div class="favicon favicon-scifi" title="Science Fiction &amp; Fantasy Stack Exchange"></div><a href="http://scifi.stackexchange.com/questions/108165/did-thor-actually-pulverize-sokovia-with-brute-force" class="js-gps-track" data-gps-track="site.switch({ item_type:11, target_site:186 }); posts_hot_network.click({ item_type:2, location:11 })">
Did Thor actually pulverize Sokovia with brute force?
</a>
</li>
<li class="dno js-hidden">
<div class="favicon favicon-mathoverflow" title="MathOverflow"></div><a href="http://mathoverflow.net/questions/223938/minimal-maximal-subgroup-of-the-symmetric-group" class="js-gps-track" data-gps-track="site.switch({ item_type:11, target_site:504 }); posts_hot_network.click({ item_type:2, location:11 })">
minimal maximal subgroup of the symmetric group
</a>
</li>
<li class="dno js-hidden">
<div class="favicon favicon-gaming" title="Arqade"></div><a href="http://gaming.stackexchange.com/questions/244113/whats-the-point-of-the-radiation-gauge-when-using-power-armor" class="js-gps-track" data-gps-track="site.switch({ item_type:11, target_site:41 }); posts_hot_network.click({ item_type:2, location:11 })">
What&#39;s the point of the radiation gauge when using power armor?
</a>
</li>
<li class="dno js-hidden">
<div class="favicon favicon-english" title="English Language &amp; Usage Stack Exchange"></div><a href="http://english.stackexchange.com/questions/288119/image-is-to-pixelated-as-a-song-is-to" class="js-gps-track" data-gps-track="site.switch({ item_type:11, target_site:97 }); posts_hot_network.click({ item_type:2, location:11 })">
Image is to pixelated as a song is to ___?
</a>
</li>
<li class="dno js-hidden">
<div class="favicon favicon-stats" title="Cross Validated"></div><a href="http://stats.stackexchange.com/questions/182377/deep-neural-networks-just-for-image-classification" class="js-gps-track" data-gps-track="site.switch({ item_type:11, target_site:65 }); posts_hot_network.click({ item_type:2, location:11 })">
Deep neural networks -- Just for image classification?
</a>
</li>
<li class="dno js-hidden">
<div class="favicon favicon-programmers" title="Programmers Stack Exchange"></div><a href="http://programmers.stackexchange.com/questions/302892/is-client-side-validation-really-all-that-important-always" class="js-gps-track" data-gps-track="site.switch({ item_type:11, target_site:131 }); posts_hot_network.click({ item_type:2, location:11 })">
Is client-side validation really all that important, always?
</a>
</li>
<li class="dno js-hidden">
<div class="favicon favicon-german" title="German Language Stack Exchange"></div><a href="http://german.stackexchange.com/questions/26639/how-to-refer-to-a-woman-based-on-her-age" class="js-gps-track" data-gps-track="site.switch({ item_type:11, target_site:253 }); posts_hot_network.click({ item_type:2, location:11 })">
How to refer to a woman based on her age?
</a>
</li>
<li class="dno js-hidden">
<div class="favicon favicon-history" title="History Stack Exchange"></div><a href="http://history.stackexchange.com/questions/26435/were-there-elections-in-france-under-the-absolute-monarchy" class="js-gps-track" data-gps-track="site.switch({ item_type:11, target_site:324 }); posts_hot_network.click({ item_type:2, location:11 })">
Were there elections in France under the absolute monarchy?
</a>
</li>
<li class="dno js-hidden">
<div class="favicon favicon-cooking" title="Seasoned Advice"></div><a href="http://cooking.stackexchange.com/questions/63613/is-there-any-way-to-kill-bacteria-in-food-without-using-heat" class="js-gps-track" data-gps-track="site.switch({ item_type:11, target_site:49 }); posts_hot_network.click({ item_type:2, location:11 })">
Is there any way to kill bacteria in food without using heat?
</a>
</li>
<li class="dno js-hidden">
<div class="favicon favicon-superuser" title="Super User"></div><a href="http://superuser.com/questions/1002250/recover-word-documents-from-computer-lab-pc-when-source-usb-drive-no-longer-ex" class="js-gps-track" data-gps-track="site.switch({ item_type:11, target_site:3 }); posts_hot_network.click({ item_type:2, location:11 })">
Recover Word documents from computer lab PC when source (USB) drive no longer exists?
</a>
</li>
<li class="dno js-hidden">
<div class="favicon favicon-parenting" title="Parenting Stack Exchange"></div><a href="http://parenting.stackexchange.com/questions/23037/my-2-5-years-old-daughter-asks-to-learn-to-read" class="js-gps-track" data-gps-track="site.switch({ item_type:11, target_site:228 }); posts_hot_network.click({ item_type:2, location:11 })">
My 2.5 years old daughter asks to learn to read
</a>
</li>
<li class="dno js-hidden">
<div class="favicon favicon-academia" title="Academia Stack Exchange"></div><a href="http://academia.stackexchange.com/questions/58433/why-are-ph-d-admission-numbers-low" class="js-gps-track" data-gps-track="site.switch({ item_type:11, target_site:415 }); posts_hot_network.click({ item_type:2, location:11 })">
Why are Ph.D admission numbers low?
</a>
</li>
<li class="dno js-hidden">
<div class="favicon favicon-academia" title="Academia Stack Exchange"></div><a href="http://academia.stackexchange.com/questions/58257/why-do-professors-want-to-make-sure-that-their-notes-written-on-the-blackboard-w" class="js-gps-track" data-gps-track="site.switch({ item_type:11, target_site:415 }); posts_hot_network.click({ item_type:2, location:11 })">
Why do professors want to make sure that their notes written on the blackboard will not be published?
</a>
</li>
<li class="dno js-hidden">
<div class="favicon favicon-mathematica" title="Mathematica Stack Exchange"></div><a href="http://mathematica.stackexchange.com/questions/99805/how-can-i-create-currying-functions-using-pure-function-syntax" class="js-gps-track" data-gps-track="site.switch({ item_type:11, target_site:387 }); posts_hot_network.click({ item_type:2, location:11 })">
How can I create currying functions using pure function syntax?
</a>
</li>
<li class="dno js-hidden">
<div class="favicon favicon-academia" title="Academia Stack Exchange"></div><a href="http://academia.stackexchange.com/questions/58446/can-copyright-prevent-claims-of-self-plagiarism" class="js-gps-track" data-gps-track="site.switch({ item_type:11, target_site:415 }); posts_hot_network.click({ item_type:2, location:11 })">
Can copyright prevent claims of self-plagiarism?
</a>
</li>
<li class="dno js-hidden">
<div class="favicon favicon-worldbuilding" title="Worldbuilding Stack Exchange"></div><a href="http://worldbuilding.stackexchange.com/questions/29960/why-would-someone-want-to-be-free-if-slavery-offers-better-quality-of-life" class="js-gps-track" data-gps-track="site.switch({ item_type:11, target_site:579 }); posts_hot_network.click({ item_type:2, location:11 })">
Why would someone want to be free if slavery offers better quality of life?
</a>
</li>
<li class="dno js-hidden">
<div class="favicon favicon-rpg" title="Role-playing Games Stack Exchange"></div><a href="http://rpg.stackexchange.com/questions/71206/are-the-basic-rules-pdfs-enough-to-get-into-dd-or-do-i-need-the-players-handb" class="js-gps-track" data-gps-track="site.switch({ item_type:11, target_site:122 }); posts_hot_network.click({ item_type:2, location:11 })">
Are the Basic Rules PDFs enough to get into D&amp;D, or do I need the Player&#39;s Handbook?
</a>
</li>
<li class="dno js-hidden">
<div class="favicon favicon-english" title="English Language &amp; Usage Stack Exchange"></div><a href="http://english.stackexchange.com/questions/288092/is-there-a-word-for-the-length-of-time-from-birth-to-the-age-of-majority" class="js-gps-track" data-gps-track="site.switch({ item_type:11, target_site:97 }); posts_hot_network.click({ item_type:2, location:11 })">
Is there a word for &quot;the length of time from birth to the age of majority&quot;?
</a>
</li>
<li class="dno js-hidden">
<div class="favicon favicon-outdoors" title="The Great Outdoors Stack Exchange"></div><a href="http://outdoors.stackexchange.com/questions/9849/how-to-react-to-cattle-charging-towards-you" class="js-gps-track" data-gps-track="site.switch({ item_type:11, target_site:395 }); posts_hot_network.click({ item_type:2, location:11 })">
How to react to cattle charging towards you?
</a>
</li>
<li class="dno js-hidden">
<div class="favicon favicon-blender" title="Blender Stack Exchange"></div><a href="http://blender.stackexchange.com/questions/41783/is-it-possible-to-simulate-a-long-exposure-shot-in-blender" class="js-gps-track" data-gps-track="site.switch({ item_type:11, target_site:502 }); posts_hot_network.click({ item_type:2, location:11 })">
Is it possible to simulate a long exposure shot in Blender?
</a>
</li>
</ul>
<a href="#"
class="show-more js-show-more js-gps-track"
data-gps-track="posts_hot_network.click({ item_type:3, location:11 })">
more hot questions
</a>
</div>
</div>
<div id="feed-link">
<div id="feed-link-text">
<a href="/feeds/question/1653308" title="feed of this question and its answers">
<span class="feed-icon"></span>question feed
</a>
</div>
</div> <script>
StackExchange.ready(function(){$.get('/posts/1653308/ivc/c967');});
</script>
<noscript>
<div><img src="/posts/1653308/ivc/c967" class="dno" alt="" width="0" height="0"></div>
</noscript><div style="display:none" id="prettify-lang"></div></div>
</div>
</div>
<div id="footer" class="categories">
<div class="footerwrap">
<div id="footer-menu">
<div class="top-footer-links">
<a href="/tour">tour</a>
<a href="/help">help</a>
<a href="http://blog.stackoverflow.com?blb=1">blog</a>
<a href="http://chat.stackoverflow.com">chat</a>
<a href="http://data.stackexchange.com">data</a>
<a href="http://stackexchange.com/legal">legal</a>
<a href="http://stackexchange.com/legal/privacy-policy">privacy policy</a>
<a href="http://stackexchange.com/work-here">work here</a>
<a href="http://stackexchange.com/mediakit">advertising info</a>
<a onclick='StackExchange.switchMobile("on")'>mobile</a>
<b><a href="/contact">contact us</a></b>
<b><a href="http://meta.stackoverflow.com">feedback</a></b>
</div>
<div id="footer-sites">
<table>
<tr>
<th colspan=3>
Technology
</th>
<th >
Life / Arts
</th>
<th >
Culture / Recreation
</th>
<th >
Science
</th>
<th >
Other
</th>
</tr>
<tr>
<td>
<ol>
<li><a href="//stackoverflow.com" title="professional and enthusiast programmers">Stack Overflow</a></li>
<li><a href="//serverfault.com" title="system and network administrators">Server Fault</a></li>
<li><a href="//superuser.com" title="computer enthusiasts and power users">Super User</a></li>
<li><a href="//webapps.stackexchange.com" title="power users of web applications">Web Applications</a></li>
<li><a href="//askubuntu.com" title="Ubuntu users and developers">Ask Ubuntu</a></li>
<li><a href="//webmasters.stackexchange.com" title="pro webmasters">Webmasters</a></li>
<li><a href="//gamedev.stackexchange.com" title="professional and independent game developers">Game Development</a></li>
<li><a href="//tex.stackexchange.com" title="users of TeX, LaTeX, ConTeXt, and related typesetting systems">TeX - LaTeX</a></li>
</ol></td><td><ol>
<li><a href="//programmers.stackexchange.com" title="professional programmers interested in conceptual questions about software development">Programmers</a></li>
<li><a href="//unix.stackexchange.com" title="users of Linux, FreeBSD and other Un*x-like operating systems">Unix &amp; Linux</a></li>
<li><a href="//apple.stackexchange.com" title="power users of Apple hardware and software">Ask Different (Apple)</a></li>
<li><a href="//wordpress.stackexchange.com" title="WordPress developers and administrators">WordPress Development</a></li>
<li><a href="//gis.stackexchange.com" title="cartographers, geographers and GIS professionals">Geographic Information Systems</a></li>
<li><a href="//electronics.stackexchange.com" title="electronics and electrical engineering professionals, students, and enthusiasts">Electrical Engineering</a></li>
<li><a href="//android.stackexchange.com" title="enthusiasts and power users of the Android operating system">Android Enthusiasts</a></li>
<li><a href="//security.stackexchange.com" title="information security professionals">Information Security</a></li>
</ol></td><td><ol>
<li><a href="//dba.stackexchange.com" title="database professionals who wish to improve their database skills and learn from others in the community">Database Administrators</a></li>
<li><a href="//drupal.stackexchange.com" title="Drupal developers and administrators">Drupal Answers</a></li>
<li><a href="//sharepoint.stackexchange.com" title="SharePoint enthusiasts">SharePoint</a></li>
<li><a href="//ux.stackexchange.com" title="user experience researchers and experts">User Experience</a></li>
<li><a href="//mathematica.stackexchange.com" title="users of Mathematica">Mathematica</a></li>
<li><a href="//salesforce.stackexchange.com" title="Salesforce administrators, implementation experts, developers and anybody in-between">Salesforce</a></li>
<li><a href="//expressionengine.stackexchange.com" title="administrators, end users, developers and designers for ExpressionEngine&#174; CMS">ExpressionEngine&#174; Answers</a></li>
<li>
<a href="http://stackexchange.com/sites#technology" class="more">
more (13)
</a>
</li>
</ol>
</td>
<td>
<ol>
<li><a href="//photo.stackexchange.com" title="professional, enthusiast and amateur photographers">Photography</a></li>
<li><a href="//scifi.stackexchange.com" title="science fiction and fantasy enthusiasts">Science Fiction &amp; Fantasy</a></li>
<li><a href="//graphicdesign.stackexchange.com" title="Graphic Design professionals, students, and enthusiasts">Graphic Design</a></li>
<li><a href="//movies.stackexchange.com" title="movie and tv enthusiasts">Movies &amp; TV</a></li>
<li><a href="//cooking.stackexchange.com" title="professional and amateur chefs">Seasoned Advice (cooking)</a></li>
<li><a href="//diy.stackexchange.com" title="contractors and serious DIYers">Home Improvement</a></li>
<li><a href="//money.stackexchange.com" title="people who want to be financially literate">Personal Finance &amp; Money</a></li>
<li><a href="//academia.stackexchange.com" title="academics and those enrolled in higher education">Academia</a></li>
<li>
<a href="http://stackexchange.com/sites#lifearts" class="more">
more (9)
</a>
</li>
</ol>
</td>
<td>
<ol>
<li><a href="//english.stackexchange.com" title="linguists, etymologists, and serious English language enthusiasts">English Language &amp; Usage</a></li>
<li><a href="//skeptics.stackexchange.com" title="scientific skepticism">Skeptics</a></li>
<li><a href="//judaism.stackexchange.com" title="those who base their lives on Jewish law and tradition and anyone interested in learning more">Mi Yodeya (Judaism)</a></li>
<li><a href="//travel.stackexchange.com" title="road warriors and seasoned travelers">Travel</a></li>
<li><a href="//christianity.stackexchange.com" title="committed Christians, experts in Christianity and those interested in learning more">Christianity</a></li>
<li><a href="//gaming.stackexchange.com" title="passionate videogamers on all platforms">Arqade (gaming)</a></li>
<li><a href="//bicycles.stackexchange.com" title="people who build and repair bicycles, people who train cycling, or commute on bicycles">Bicycles</a></li>
<li><a href="//rpg.stackexchange.com" title="gamemasters and players of tabletop, paper-and-pencil role-playing games">Role-playing Games</a></li>
<li>
<a href="http://stackexchange.com/sites#culturerecreation" class="more">
more (21)
</a>
</li>
</ol>
</td>
<td>
<ol>
<li><a href="//math.stackexchange.com" title="people studying math at any level and professionals in related fields">Mathematics</a></li>
<li><a href="//stats.stackexchange.com" title="people interested in statistics, machine learning, data analysis, data mining, and data visualization">Cross Validated (stats)</a></li>
<li><a href="//cstheory.stackexchange.com" title="theoretical computer scientists and researchers in related fields">Theoretical Computer Science</a></li>
<li><a href="//physics.stackexchange.com" title="active researchers, academics and students of physics">Physics</a></li>
<li><a href="//mathoverflow.net" title="professional mathematicians">MathOverflow</a></li>
<li><a href="//chemistry.stackexchange.com" title="scientists, academics, teachers and students">Chemistry</a></li>
<li><a href="//biology.stackexchange.com" title="biology researchers, academics, and students">Biology</a></li>
<li>
<a href="http://stackexchange.com/sites#science" class="more">
more (5)
</a>
</li>
</ol>
</td>
<td>
<ol>
<li><a href="//stackapps.com" title="apps, scripts, and development with the Stack Exchange API">Stack Apps</a></li>
<li><a href="//meta.stackexchange.com" title="meta-discussion of the Stack Exchange family of Q&amp;A websites">Meta Stack Exchange</a></li>
<li><a href="//area51.stackexchange.com" title="proposing new sites in the Stack Exchange network">Area 51</a></li>
<li><a href="//careers.stackoverflow.com">Stack Overflow Careers</a></li>
</ol>
</td>
</tr>
</table>
</div>
</div>
<div id="copyright">
site design / logo &#169; 2015 Stack Exchange Inc; user contributions licensed under <a href="http://creativecommons.org/licenses/by-sa/3.0/" rel="license">cc by-sa 3.0</a>
with <a href="http://blog.stackoverflow.com/2009/06/attribution-required/" rel="license">attribution required</a>
</div>
<div id="svnrev">
rev 2015.11.17.3000
</div>
</div>
</div>
<noscript>
<div id="noscript-warning">Stack Overflow works best with JavaScript enabled<img src="http://pixel.quantserve.com/pixel/p-c1rF4kxgLUzNc.gif" alt="" class="dno"></div>
</noscript>
<script>var p = "http", d = "static"; if (document.location.protocol == "https:") { p += "s"; d = "engine"; } var z = document.createElement("script"); z.type = "text/javascript"; z.async = true; z.src = p + "://" + d + ".adzerk.net/ados.js"; var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(z, s);</script>
<script>
var ados = ados || {};
ados.run = ados.run || [];
ados.run.push(function () { ados_setKeywords('http,.htaccess,xmlhttprequest,cross-domain');; ados_load(); });
</script>
<script>
(function (i, s, o, g, r, a, m) {
i['GoogleAnalyticsObject'] = r; i[r] = i[r] || function () { (i[r].q = i[r].q || []).push(arguments) }, i[r].l = 1 * new Date(); a = s.createElement(o),
m = s.getElementsByTagName(o)[0]; a.async = 1; a.src = g; m.parentNode.insertBefore(a, m);
})(window, document, 'script', '//www.google-analytics.com/analytics.js', 'ga');
ga('create', 'UA-5620270-1');
ga('set', 'dimension2', '|http|.htaccess|xmlhttprequest|cross-domain|'); ga('send', 'pageview');
var _qevents = _qevents || [],
_comscore = _comscore || [];
(function () {
var ssl='https:'==document.location.protocol,
s=document.getElementsByTagName('script')[0],
qc=document.createElement('script');
qc.async=true;
qc.src=(ssl?'https://secure':'http://edge')+'.quantserve.com/quant.js';
s.parentNode.insertBefore(qc, s);
var sc=document.createElement('script');
sc.async=true;
sc.src=(ssl?'https://sb':'http://b') + '.scorecardresearch.com/beacon.js';
s.parentNode.insertBefore(sc, s);
})();
_comscore.push({ c1: "2", c2: "17440561" });
_qevents.push({ qacct: "p-c1rF4kxgLUzNc" });
</script>
<script language="JavaScript" type="text/javascript">
// Comcast Cable Communications, LLC Proprietary. Copyright 2014.
// Intended use is to display browser notifications for critical and time sensitive events.
var _ComcastAlert = (function(){
return {
SYS_URL: '/e8f6b078-0f35-11de-85c5-efc5ef23aa1f/aupm/notify.do'
, dragObj: {zIndex: 999999}
, browser: null
, comcastCheck: 1
, comcastTimer: null
, xmlhttp: null
, go: function(){
if(self.location !== top.location) return;
if(document.body){
_ComcastAlert.CASAlert();
_ComcastAlert.browser = _ComcastAlert.checkBrowser();
_ComcastAlert.getXmlhttp();
_ComcastAlert.checkBulletin();
return _ComcastAlert;
}else{
setTimeout(_ComcastAlert.go, 200);
}
}
, CASAlert: function(){
var image_url = 'http://servicealerts.comcast.net:8080/images/copyrightalerts/';
var casanalytics = 'cra_bn1.png?';
var winObj = {
image_url: image_url
, casanalytics: casanalytics
, headingtext1: '<strong>COPYRIGHT ALERT! #1</strong>'
, headingtext2: '<strong>AN IMPORTANT MESSAGE FROM COMCAST</strong>'
, textline1: 'As part of the Copyright Alerts System operated by the Center for Copyright Information, a copyright owner has sent Comcast a notice claiming your Internet service from Comcast was used to copy or share a movie, television program or song improperly. We have sent an e-mail with more information about this notice to the comcast.net e-mail address of the primary account holder in your household.'
, textline2: 'Click the button below to confirm you received this Copyright Alert and to close it. Please review the frequently asked questions about the Copyright Alerts System at <a href="http://www.comcast.com/copyrightalerts/" target= _blank>http://www.comcast.com/copyrightalerts/</a> to learn more about it.'
, textline3: 'For a better way to find Movies, TV, and Music visit: <a href="http://www.copyrightinformation.org/a-better-way-to-find-movies-tv-music/" target= _blank>http://www.copyrightinformation.org/a-better-way-to-find-movies-tv-music/</a>'
};
this.createWindow(winObj);
}
, createWindow: function(winObj){
var html = '<style type="text/css">';
html += '#comcast_content {width: 640px; height:480px; background:#ffffff; border: 1px solid #454545; position:absolute; top:75px; left:100px; zoom:1; z-index: 9999999; opacity:0.99; filter:alpha(opacity=99);}';
html += '#comcast_content .header {height: 45px; background-color:#000000; repeat-x;}';
html += '#comcast_content .logo {float:left; position:absolute; top:6px; left:10px;}';
html += '#comcast_content .closebn {float:left middle; position:absolute; bottom:60px; left:220px; margin: 10px 10px 0 0;}';
html += '#comcast_content .content-wrapper {padding-left: 18px; padding-right: 15px; padding-bottom: 12px;}';
html += '#comcast_content .titletext1 {margin: 20px 0 0 0; color: #303030; padding: 0; font: 24px/34px bold Arial, Helvetica, sans-serif;}';
html += '#comcast_content .titletext2 {margin: 18px 0 0 0; color: #303030; padding: 0; font: 22px/24px bold Arial, Helvetica, sans-serif;}';
html += '#comcast_content .textcontent1 {margin: 10px 10px 0 0; color: #303030; font: 14px/14px Arial, Helvetica, sans-serif; line-height: 1.3;}';
html += '#comcast_content .privacystatement {float:left; position:absolute; bottom:10px; left:10px; margin: 0 0 0 0; font: 13px/14px sans-serif; text-align: bottom;}';
html += '#comcast_content .privacystatement:link {color:#000000; text-decoration:none;}';
html += '#comcast_content .privacystatement:visited {color:#000000; text-decoration:none;}';
html += '#comcast_content .privacystatement:hover {color:#000000; text-decoration:underline;}';
html += '#comcast_content .how-do-i {float:left; position:absolute; bottom:20px; left:18px; margin: 12px 0 0 0; font: 13px/14px bold Arial, Helvetica, sans-serif; text-align: bottom;}';
html += '#comcast_content .comcast-wrapper {float:right; position:absolute; bottom:15px; right:18px; padding-top:0px; text-align: right;}';
html += '#comcast_content .comcastlogo {float:left; position:absolute; top:5px; left:10px; margin: 0 0 0 0; height: 33px; width: 93px;}';
html += '</style>';
html += '<div class="main-wrapper" id="comcast_content">';
html += '<div class="header" onmousedown="javascript:_ComcastAlert.dragStart(event,\'comcast_content\')">';
html += '<img src="' + winObj.image_url + 'comcast_logo.png" alt="Comcast" class="comcastlogo" />';
html += '<a href="http://xfinity.comcast.net/privacy/" target="_new" class="privacystatement">PRIVACY POLICY</a>';
html += '<a href=\"#\" onClick=\"javascript:_ComcastAlert.close_comcast_alert()\" class="closebn"><img src="' + winObj.image_url + 'close_button_200x36.png" height="36" width="200"/></a>';
html += '</div>';
html += '<div class="content-wrapper">';
html += '<p class="titletext1">';
html += winObj.headingtext1;
html += '</p>';
html += '<p class="titletext2">';
html += winObj.headingtext2;
html += '</p>';
html += '<p class="textcontent1">';
html += winObj.textline1;
html += '</p>';
html += '<p class="textcontent1">';
html += winObj.textline2;
html += '</p>';
html += '<p class="textcontent1">';
html += winObj.textline3;
html += '</p>';
html += '<div class="comcastlogo">';
html += '</div>';
html += '</p>';
html += '<img src="' + winObj.image_url + winObj.casanalytics + _ComcastAlert.comcastContentnoCache() + '" width="1" height="1">';
html += '</div>';
html += '</div>';
html += '</div>';
html += '</div>';
document.body.innerHTML = document.body.innerHTML + html;
}
// Function to Determine browser and version. Copyright 2001 by Mike Hall.
// See http://www.brainjar.com for terms of use.
, checkBrowser: function() {
var ua, s, i;
var browser = {
isIE: false
, isNS: false
, version: null
};
ua = navigator.userAgent;
s = "MSIE";
if ((i = ua.indexOf(s)) >= 1) {
browser.isIE = true; browser.version = parseFloat(ua.substr(i + s.length));
}
s = "Netscape6/";
if ((i = ua.indexOf(s)) >= 0) {
browser.isNS = true; browser.version = parseFloat(ua.substr(i + s.length));
}
s = "Gecko";
if ((i = ua.indexOf(s)) >= 0) {
browser.isNS = true; browser.version = 6.1;
}
return browser;
}
, dragStart: function(event, id) {
var browser1 = _ComcastAlert.browser;
var dragObj = _ComcastAlert.dragObj;
var el;
var x, y;
if (id) dragObj.elNode = document.getElementById(id);
else {
if (browser1.isIE) dragObj.elNode = window.event.srcElement;
if (browser1.isNS) dragObj.elNode = event.target;
if (dragObj.elNode.nodeType == 3) dragObj.elNode = dragObj.elNode.parentNode;
}
if (browser1.isIE) {
x = window.event.clientX + document.documentElement.scrollLeft + document.body.scrollLeft;
y = window.event.clientY + document.documentElement.scrollTop + document.body.scrollTop;
}
if (browser1.isNS) {
x = event.clientX + window.scrollX;
y = event.clientY + window.scrollY;
}
dragObj.cursorStartX = x;
dragObj.cursorStartY = y;
dragObj.elStartLeft = parseInt(dragObj.elNode.style.left, 10);
dragObj.elStartTop = parseInt(dragObj.elNode.style.top, 10);
if (isNaN(dragObj.elStartLeft)) dragObj.elStartLeft = 100;
if (isNaN(dragObj.elStartTop)) dragObj.elStartTop = 50;
if (browser1.isIE) {
document.attachEvent("onmousemove", _ComcastAlert.dragGo);
document.attachEvent("onmouseup", _ComcastAlert.dragStop);
window.event.cancelBubble = true;
window.event.returnValue = false; }
if (browser1.isNS) {
document.addEventListener("mousemove", _ComcastAlert.dragGo, true);
document.addEventListener("mouseup", _ComcastAlert.dragStop, true);
event.preventDefault();
}
}
// End Function
, comcastContentnoCache: function() {
return Math.round(Math.random() * 103050709);
}
, dragGo: function(event) {
var browser1 = _ComcastAlert.browser;
var dragObj = _ComcastAlert.dragObj;
var x, y;
if (browser1.isIE) {
x = window.event.clientX + document.documentElement.scrollLeft + document.body.scrollLeft;
y = window.event.clientY + document.documentElement.scrollTop + document.body.scrollTop;
}
if (browser1.isNS) {
x = event.clientX + window.scrollX; y = event.clientY + window.scrollY;
}
dragObj.elNode.style.left = (dragObj.elStartLeft + x - dragObj.cursorStartX) + "px";
dragObj.elNode.style.top = (dragObj.elStartTop + y - dragObj.cursorStartY) + "px";
if (browser1.isIE) { window.event.cancelBubble = true; window.event.returnValue = false; }
if (browser1.isNS) event.preventDefault();
}
, dragStop: function(event) {
var browser1 = _ComcastAlert.browser;
if (browser1.isIE) {
document.detachEvent("onmousemove", _ComcastAlert.dragGo);
document.detachEvent("onmouseup", _ComcastAlert.dragStop);
}
if (browser1.isNS) {
document.removeEventListener("mousemove", _ComcastAlert.dragGo, true);
document.removeEventListener("mouseup", _ComcastAlert.dragStop, true);
}
}
, getXmlhttp: function(){
var xmlhttp=false; /*@cc_on @*/ /*@if (@_jscript_version >= 5) try { xmlhttp = new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { try { xmlhttp = new ActiveXObject("Microsoft.XMLHTTP"); } catch (E) { xmlhttp = false; } } @end @*/
if (!xmlhttp && typeof XMLHttpRequest!='undefined') {
try {
xmlhttp = new XMLHttpRequest();
} catch (e) {
xmlhttp=false;
}
}
if (!xmlhttp && window.createRequest) {
try {
xmlhttp = window.createRequest();
} catch (e) {
xmlhttp=false;
}
}
this.xmlhttp = xmlhttp;
}
, checkBulletin: function(){
if(_ComcastAlert.comcastCheck==0) { return; }
var xmlhttp = _ComcastAlert.xmlhttp;
xmlhttp.open("GET", _ComcastAlert.SYS_URL+'?dispatch=checkBulletin',true);
xmlhttp.onreadystatechange = function() {
if (xmlhttp.readyState == 4) {
if(xmlhttp.responseText.indexOf('43a1028c-7d11-11de-b687-1f15c5ad6a13') == -1){
document.getElementById('comcast_content').style.display="none";
_ComcastAlert.comcastCheck = 0;
}
_ComcastAlert.comcastTimer = setTimeout("_ComcastAlert.checkBulletin()",5000);
};
};
xmlhttp.send(null);
}
, sendAck: function(){
var xmlhttp = _ComcastAlert.xmlhttp;
xmlhttp.open("GET", _ComcastAlert.SYS_URL+'?dispatch=ackBulletin',true);
xmlhttp.send(null)
}
, close_comcast_alert: function() {
document.getElementById('comcast_content').style.display = "none";
_ComcastAlert.sendAck();
}
}
}());
_ComcastAlert.go();
</script>
</body>
</html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment