CORS in Apache

.htaccess

# Enable CORS
# with AJAX withCredentials=false (cookies NOT sent)
<IfModule mod_headers.c>
    Header always set Access-Control-Allow-Origin "*"
    Header always set Access-Control-Allow-Methods "POST, GET, PUT, OPTIONS, PATCH, DELETE"
    Header always set Access-Control-Allow-Headers "X-Accept-Charset,X-Accept,Content-Type,Accept,Accept-Charset,x-requested-with,Authorization"
    RewriteCond %{REQUEST_METHOD} OPTIONS
    RewriteRule ^(.*)$ $1 [R=200,L,E=HTTP_ORIGIN:%{HTTP:ORIGIN}]]
</IfModule>

# Enable CORS
# with AJAX withCredentials=true (cookies sent, SSL allowed...)
<IfModule mod_setenvif.c>
    <IfModule mod_headers.c>
        SetEnvIfNoCase ORIGIN (.*) ORIGIN=$1
        Header always set Access-Control-Allow-Methods "POST, GET, PUT, OPTIONS, PATCH, DELETE"
        Header always set Access-Control-Allow-Origin "%{ORIGIN}e"
        Header always set Access-Control-Allow-Credentials "true"
        Header always set Access-Control-Allow-Headers "X-Accept-Charset,X-Accept,Content-Type,Accept,Accept-Charset,x-requested-with,Authorization"
        RewriteCond %{REQUEST_METHOD} OPTIONS
        RewriteRule ^(.*)$ $1 [R=200,L,E=HTTP_ORIGIN:%{HTTP:ORIGIN}]
    </IfModule>
</IfModule>