HTTP Access Control (CORS) for multiple domains

Viewed 333 times

0

How do I enable HTTP Access Control (CORS) for images fetched with XMLHttpRequest for all the domains below, in .htaccess and without using the global permission "*":

Access-Control-Allow-Origin: http://www.osite.com.br,
https://osite.com.br, http://osite.com.br, https://subdomain.osite.com.br,
http://www.subdomain.osite.com.br

Even written like this, it didn't work. It gives an access error depending on the domain I enter: http://www.osite.com.br/imagem.jpg doesn't work, while http://osite.com.br/imagem.jpg works:

<IfModule mod_headers.c>
        SetEnvIf Origin "http(s)?://(www\.)?(osite.com.br|subdomain.osite.com.br|)$" AccessControlAllowOrigin=$0
        Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
</IfModule>

Note: the site and image are fictitious, just to represent the problem.

1 answer

1

For the Access-Control-Allow-Origin parameter to work this way, you need to use the parameter replace=false, so that the headers do not overwrite each other, like this:

header ("access-control-allow-origin: endereço1");
header ("access-control-allow-origin: endereço2", false);
header ("access-control-allow-origin: endereço3", false);
header ("access-control-allow-origin: endereço4", false);
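Added example, not part of the original question or answer: an .htaccess variant that returns exactly one allowed origin per request, since browsers accept only a single origin value in Access-Control-Allow-Origin and reject a response carrying several. The image extensions in FilesMatch are an assumption; the host names are the fictitious ones from the question.

```apache
<IfModule mod_setenvif.c>
    # Match the entire Origin value: anchored with ^ and $, dots escaped,
    # and no empty alternative, so only the listed hosts can pass.
    SetEnvIf Origin "^https?://(www\.)?(osite\.com\.br|subdomain\.osite\.com\.br)$" AccessControlAllowOrigin=$0
</IfModule>

<IfModule mod_headers.c>
    # Assumed set of image extensions; adjust to the files actually served.
    <FilesMatch "\.(jpe?g|png|gif|webp)$">
        # "set" replaces any value added elsewhere, so a single origin is sent.
        # The header is emitted only when the Origin matched the allowlist.
        Header set Access-Control-Allow-Origin "%{AccessControlAllowOrigin}e" env=AccessControlAllowOrigin
        # The response now depends on the request's Origin; tell caches so a
        # copy served to one origin is not reused for another.
        Header merge Vary Origin
    </FilesMatch>
</IfModule>
```

To check it, request the image with `curl -I -H "Origin: http://www.osite.com.br"` and confirm that one Access-Control-Allow-Origin header comes back, and none for an origin outside the list.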
