Skip to content

Instantly share code, notes, and snippets.

@nixta
Last active Oct 20, 2021
Embed
What would you like to do?
.htaccess to add CORS to your website
# Add these three lines to CORSify your server for everyone.
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Methods "GET,PUT,POST,DELETE"
Header set Access-Control-Allow-Headers "Content-Type, Authorization"

CORSify a folder in Apache

Add the above three lines to an .htaccess file to enable CORS for that folder and its subfolders. Of course, you could also add this to the httpd.conf file if you have access.

###Notes:

  • Ensure that the mod_headers Apache Module is enabled.
  • This will open things up pretty grandly. This may or may not be what you want.

###Disclaimer

  • Do at your own risk, etc. etc.
  • My Apache-fu is weak, so there may well be a better solution.
@ajeetberiha

This comment has been minimized.

Copy link

@ajeetberiha ajeetberiha commented Nov 17, 2018

where to add this code ? on the very top of the .htaccess file

@dpnebert

This comment has been minimized.

Copy link

@dpnebert dpnebert commented Dec 10, 2019

This will leave your website open to security vulnerabilities. Any, read that correctly, ANY site will be able to return data to your site, and if your site doesn't check to see if it is what it expects (sorry for the mouth full), it will run any code passed back. Don't leave open doors for intruders.

@zackrspv

This comment has been minimized.

Copy link

@zackrspv zackrspv commented Jan 24, 2021

For CORS, even though the documentation states to use 'SET', it is recommended to use 'ADD' as that will work on most systems. If you notice that when you use the above code and you are still receiving the pre-flight or CORS errors, change 'set' to 'add' and you will most likely be fine.

@LussRus

This comment has been minimized.

Copy link

@LussRus LussRus commented Jul 14, 2021

If this problem can't be solved by .htaccess, then try to put in your PHP file next:
header("Access-Control-Allow-Origin: *");

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment