Set CORS header to Allow Access for any Incoming Domain

The following may be used to set to always set the CORS header for any incoming domains without using the wildcard and for setting headers particularly for the incoming domain name. This header set allows passing of the cookie and is quite open, modify it for your needs:

 

 SetEnvIf Origin ".*$" acaorigin=$0
 Header always set Access-Control-Allow-Origin %{acaorigin}e env=acaorigin
 Header always set Access-Control-Allow-Credentials true
 Header always set Access-Control-Allow-Headers: "DNT, X-CustomHeader, Keep-Alive, User-Agent, If-Modified-Since, Cache-Control, C$, Authorization, Origin, X-Requested-With, Content-Type, Accept"
 Header always set Access-Control-Allow-Methods: "PUT, GET, POST, OPTIONS, PATCH"
 Header always set Access-Control-Expose-Headers: "Content-Security-Policy, Location, Cache-Control, Content-Language, Content-Encoding, Content-Type, Expires, Last-Modified, Pragma"
 Header always set Access-Control-Max-Age "600" 
 Header merge Vary Origin

 

 

  • 4 Users Found This Useful

Was this answer helpful?

Related Articles

Why is my account suspended?

Why is my account suspended? If you are receiving an account suspended page when trying to access...

How to create a temporary 302 redirect via htaccess

An easy way to create a temporary redirect from one page to another web page is to use the 302...

What are these vt directories?

Those are FrontPage extension directories. If you have and no longer need them you can uninstall...

I have a reseller account. What can I use for billing software and automation?

There are many great programs that work for both billing, domain and cpanel integration. Check...

Enable Mod Rewrite

Create an .htaccess file with the following contents and upload it to your public_html directory....