问题
I'm trying to allow calls made to "/api/whateverEndpoint", while keeping CORS strict for all other calls.
I've come across this link Whitelisted CORS using Apache which gives the solution for origin filtering:
# e.g. origin = https://host-b.local
SetEnvIfNoCase Origin "https://host-b.local" AccessControlAllowOrigin=$0
Header set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
But i need to adapt this to filter based on the request uri.
Any idea is greatly appreciated
回答1:
So you just need to set a variable based on a match against Request_URI
, then use that; like this:
SetEnvIf Request_URI "^/api/whateverEndpoint" IsAllowedEndpoint
Header set Access-Control-Allow-Origin "*" env=IsAllowedEndpoint
来源:https://stackoverflow.com/questions/42000914/apache-configure-cors-headers-for-whitelist-routes