handle multiple domains with Access-Control-Allow-Origin header in Apache

Question

I want to configure apache for cross-domain access header. I have tried multiple combination as suggested on number of threads on the forum. But its not working for me.

Answer 1

To restrict access to certain URIs checkout these docs:

CrossOriginRequestSecurity

Server-Side Access Control#Apache_examples

One helpful trick is to use an Apache rewrite, environment variable, and headers to apply Access-Control-Allow-* to certain URIs. This is useful, for example, to constrain cross-origin requests to GET /api(.*).json requests without credentials:

RewriteRule ^/api(.*)\.json$ /api$1.json [CORS=True]
Header set Access-Control-Allow-Origin "*" env=CORS
Header set Access-Control-Allow-Methods "GET" env=CORS
Header set Access-Control-Allow-Credentials "false" env=CORS

Also, in general, according to W3 Wiki - CORS Enabled#For_Apache To expose the header, you can add the following line inside Directory, Location, and Files sections, or within an .htaccess file.

  Header set Access-Control-Allow-Origin "*"

AND, you can use add rather than set, but be aware that add can add the header multiple times, so it's generally safer to use set.