Skip to content

Instantly share code, notes, and snippets.

@revolunet

revolunet/.htaccess

Last active January 31, 2019 11:09
Show Gist options
  • Star 9 You must be signed in to star a gist
  • Fork 6 You must be signed in to fork a gist
  • Save revolunet/6295643 to your computer and use it in GitHub Desktop.
Save revolunet/6295643 to your computer and use it in GitHub Desktop.
Download ZIP
global enable CORS without touching code
Raw
.htaccess
# with AJAX withCredentials=false (cookies NOT sent)
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, PUT, OPTIONS, PATCH, DELETE"
Header always set Access-Control-Allow-Headers "X-Accept-Charset,X-Accept,Content-Type"
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L,E=HTTP_ORIGIN:%{HTTP:ORIGIN}]]
# with AJAX withCredentials=true (cookies sent, SSL allowed...)
SetEnvIfNoCase ORIGIN (.*) ORIGIN=$1
Header always set Access-Control-Allow-Methods "POST, GET, PUT, OPTIONS, PATCH, DELETE"
Header always set Access-Control-Allow-Origin "%{ORIGIN}"
Header always set Access-Control-Allow-Credentials "true"
Header always set Access-Control-Allow-Headers "X-Accept-Charset,X-Accept,Content-Type"
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L,E=HTTP_ORIGIN:%{HTTP:ORIGIN}]
@matiangul
Copy link

"%{ORIGIN}" should be "%{ORIGIN}e" otherwise Apache will not understand it

@rajagopalx
Copy link

rajagopalx commented Jun 21, 2016
edited

Thanks a lot. 👍 I spend almost a day to get this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment