It would be great if it were possible to enable Cross-Origin Resource Sharing (CORS) for specific domains.
For now I'm using something like this as a rule at the bottom of the htaccess file (through the Admin Tools htaccess maker).
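# Sets CORS headers for requests from example1.com and example2.com pages
# for both SSL and non-SSL
# The subdomain prefix is limited to whole dot-delimited labels, so only
# example1.com, example2.com and their subdomains match (a bare [^/]* prefix
# would also match any other domain whose name merely ends in "example1.com")
SetEnvIf Origin "^https?://([a-z0-9-]+\.)*(example1|example2)\.com$" ORIGIN=$0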
Header set Access-Control-Allow-Origin %{ORIGIN}e env=ORIGIN
Header set Access-Control-Allow-Credentials "true" env=ORIGIN
# Always set Vary: Origin when it's possible you may send CORS headers
Header merge Vary Origin
Source: https://gist.github.com/brianlmoon/2291111c5c69252c85f4
(There might be better options)
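
An added check, not part of the original post or the linked gist, for an Origin allow-list rule like the one above: it runs constructed Origin values through two patterns, one whose subdomain prefix is `[^/]*` and one limited to whole dot-delimited labels, and lists every origin a pattern accepts against the intended policy. It assumes Python's `re` behaves like Apache's PCRE for these constructs; the function names and the `.invalid` and `not...` hostnames are made up for the test.

```python
import re

# Patterns under test, written as they would appear in a SetEnvIf Origin rule.
LOOSE = r"^https?://[^/]*(example1|example2)\.com$"             # any characters may precede the name
STRICT = r"^https?://([a-z0-9-]+\.)*(example1|example2)\.com$"  # only whole labels ending in "."
TRUSTED = ("example1.com", "example2.com")


def expected_allowed(origin, trusted=TRUSTED):
    """Intended policy: http/https, host is a trusted domain or a subdomain of one."""
    m = re.fullmatch(r"https?://([^/:]+)", origin)
    if not m:
        return False
    host = m.group(1)
    return any(host == d or host.endswith("." + d) for d in trusted)


def candidate_origins(trusted=TRUSTED):
    """Constructed Origin values: legitimate ones plus lookalikes of each trusted domain."""
    out = []
    for d in trusted:
        out += [
            f"https://{d}",
            f"http://{d}",
            f"https://www.{d}",
            f"https://not{d}",                 # other domain whose name ends in the trusted one
            f"https://{d}.invalid",            # trusted name used as a prefix
            f"https://{d.replace('.', 'x')}",  # literal dot replaced by another character
            f"ftp://{d}",                      # scheme outside the policy
        ]
    return out


def audit(pattern, trusted=TRUSTED):
    """Return (wrongly accepted, wrongly rejected) origins for a pattern."""
    rx = re.compile(pattern)
    over, under = [], []
    for origin in candidate_origins(trusted):
        got = bool(rx.search(origin))
        want = expected_allowed(origin, trusted)
        if got and not want:
            over.append(origin)
        elif want and not got:
            under.append(origin)
    return over, under


if __name__ == "__main__":
    for name, pattern in (("loose", LOOSE), ("strict", STRICT)):
        print(name, audit(pattern))
```

Because the rule also sends `Access-Control-Allow-Credentials: true`, every origin in the first list would be allowed to make credentialed cross-origin reads, so that list should be empty before the rule is deployed.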