Wednesday, August 22, 2018

.htaccess - Access-Control-Allow-Origin Multiple Origin Domains?




Is there a way to allow multiple cross-domains using the Access-Control-Allow-Origin header?



I'm aware of the *, but it is too open. I really want to allow just a couple domains.



As an example, something like this:



Access-Control-Allow-Origin: http://domain1.example, http://domain2.example


I have tried the above code but it does not seem to work in Firefox.




Is it possible to specify multiple domains or am I stuck with just one?


Answer



Sounds like the recommended way to do it is to have your server read the Origin header from the client, compare that to the list of domains you would like to allow, and if it matches, echo the value of the Origin header back to the client as the Access-Control-Allow-Origin header in the response.



With .htaccess you can do it like this:



# ----------------------------------------------------------------------
# Allow loading of external fonts
# ----------------------------------------------------------------------



SetEnvIf Origin "http(s)?://(www\.)?(google.com|staging.google.com|development.google.com|otherdomain.example|dev02.otherdomain.example)$" AccessControlAllowOrigin=$0
Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Header merge Vary Origin



No comments:

Post a Comment

plot explanation - Why did Peaches' mom hang on the tree? - Movies & TV

In the middle of the movie Ice Age: Continental Drift Peaches' mom asked Peaches to go to sleep. Then, she hung on the tree. This parti...