handle multiple domains with Access-Control-Allow-Origin header in Apache
I want to configure apache for cross-domain access header. I have tried multiple combination as suggested on number of threads on the forum. But its not working for me.
The ways, I have tried:
1) Specify domain on different line as below with Header set :
Header set Access-Control-Allow-Origin "example1.com"
Header set Access-Control-Allow-Origin "example2.com"
Header set Access-Control-Allow-Origin: "example3.com"
With this setup its picking only last one and ignore rest of all.
2) Specify domain on different line as below with Header add :
Header add Access-Control-Allow-Origin "example1.com"
Header add Access-Control-Allow-Origin "example2.com"
Header add Access-Control-Allow-Origin: "example3.com"
With this its showing all three domains in header, but fonts are not getting picked up on Firefox.
3.) Tried Using SetEnvIf, but again its not working :
SetEnvIf Origin "http(s)?://(www\.)?(mydomain.com|mydomain2.com)$" AccessControlAllowOrigin=$0$1
Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Finally working with "*", but I don't want to use this.
Please help with this.
Answer
For 3 domains, in your .htaccess:
<IfModule mod_headers.c>
SetEnvIf Origin "http(s)?://(www\.)?(domain1.org|domain2.com|domain3.net)$" AccessControlAllowOrigin=$0$1
Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Header set Access-Control-Allow-Credentials true
</IfModule>
I've tried this and it works for me. Let me know if it doesn't for you.