Skip to content

Instantly share code, notes, and snippets.

@nixta
Last active October 14, 2023 10:47
  • Star 33 You must be signed in to star a gist
  • Fork 9 You must be signed in to fork a gist
Star You must be signed in to star a gist
Embed
What would you like to do?
.htaccess to add CORS to your website
# Add these three lines to CORSify your server for everyone.
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Methods "GET,PUT,POST,DELETE"
Header set Access-Control-Allow-Headers "Content-Type, Authorization"

CORSify a folder in Apache

Add the above three lines to an .htaccess file to enable CORS for that folder and its subfolders. Of course, you could also add this to the httpd.conf file if you have access.

###Notes:

  • Ensure that the mod_headers Apache Module is enabled.
  • This will open things up pretty grandly. This may or may not be what you want.

###Disclaimer

  • Do at your own risk, etc. etc.
  • My Apache-fu is weak, so there may well be a better solution.
@LussRus
Copy link

LussRus commented Jul 14, 2021

If this problem can't be solved by .htaccess, then try to put in your PHP file next:
header("Access-Control-Allow-Origin: *");

@talktonok
Copy link

If this problem can't be solved by .htaccess, then try to put in your PHP file next: header("Access-Control-Allow-Origin: *");

I don't understand. Which PHP file?

@onlinejo
Copy link

for security , change :

Header set Access-Control-Allow-Origin "*"

to you origin site comming from

Header Set Access-Control-Allow-Origin "https://mysite.mysite.com"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment