Access-Control-Allow-Origin Multiple Origin Domains?

Question

Is there a way to allow multiple cross-domains using the Access-Control-Allow-Origin header?

I\'m aware of the *, but it is too open. I rea

Answer 1

A more flexible approach is to use Apache 2.4's expressions. You can match against domains, paths, and just about every other request variable. Though the response sent is always *, the only requesters receiving it are the ones that meet the requirements anyway. Using the Origin (or any other) request header in the expression causes Apache to automatically merge it into the Vary response header, so that response won't be reused for a different origin.

    
        Header set Access-Control-Allow-Origin "*"