How to configure apache to handle multiple domains with Access-Control-Allow-Origin header?

Question

I want to configure apache to allow XMLHttpRequests from multiple, but not all domains.

This works:

Header set Access-Control-Allow-Origin \"*\"
<         


        

Answer 1

you can use SetEnvIf in your .htaccess file or in in vhost file (inside "Directory" group):

   SetEnvIfNoCase Origin "https?://(www\.)?(mydomain\.com|mydomain2\.com)(:\d+)?$" AccessControlAllowOrigin=$0
   Header set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin

With this code you can allow access from

• "mydomain.com" and "mydomain2.com"
• with or without "www." in front
• with or without port number
• http or https

You can add multiple domains separated with | or you can use regexp to configure different subdomains or patterns.