I am trying to allow access to every subdomain on my site in order to allow cross subdomain AJAX calls. Is there a way to specify all subdomains of a site like *.example.c
The solution to this issue is to use the $_SERVER['HTTP_ORIGIN']
variable to determine whether the request has come from an allowed domain, and then conditionally set the Access-Control-Allow-Origin
like so:
$allowed_domains = [/* Array of allowed domains*/];
if (in_array($_SERVER['HTTP_ORIGIN'], $allowed_domains)) {
header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
}