Set CORS header to Allow Access for any Incoming Domain

The following may be used to set to always set the CORS header for any incoming domains without using the wildcard and for setting headers particularly for the incoming domain name. This header set allows passing of the cookie and is quite open, modify it for your needs:

 

 SetEnvIf Origin ".*$" acaorigin=$0
 Header always set Access-Control-Allow-Origin %{acaorigin}e env=acaorigin
 Header always set Access-Control-Allow-Credentials true
 Header always set Access-Control-Allow-Headers: "DNT, X-CustomHeader, Keep-Alive, User-Agent, If-Modified-Since, Cache-Control, C$, Authorization, Origin, X-Requested-With, Content-Type, Accept"
 Header always set Access-Control-Allow-Methods: "PUT, GET, POST, OPTIONS, PATCH"
 Header always set Access-Control-Expose-Headers: "Content-Security-Policy, Location, Cache-Control, Content-Language, Content-Encoding, Content-Type, Expires, Last-Modified, Pragma"
 Header always set Access-Control-Max-Age "600" 
 Header merge Vary Origin

 

 

  • 4 Users Found This Useful

Was this answer helpful?

Related Articles

I am unable to delete a file

This can occur for several reasons. With our service, if a directory of a script was found to be...

Create a 410 Redirect for Missing Files

A redirect which is often forgot about is the 410 redirect. This is search engine friendly in the...

403 Error on POST

This can occur for several reasons: Be sure your file permissions are correct. If the file needs...

Common Search Engine Optimization Tips

Get other websites to link to you. Have your website linked and posted in socal media...

Whitelisting Our Support System Email Address

Whitelist Instructions Because we use often use html emails with http addresses in them, our...