0
My javascript function is on https://subdominio.site.com.br/ tries to reach a file .JSON via GET in the main domain https://www.site.com.br/ and the return is the error in the browser console.
Blocked cross-origin request: Same origin policy (Same Origin Policy) prevents reading the remote resource on
https://www.SITE.com.br/posts.json. (Reason: the CORS header 'Access-Control-Allow-Origin' is not present).
I added in the .htaccess from the subdomain the rules below so that the application could reach the file in the main domain in the result is the same:
Header set Access-Control-Allow-Origin 'https://www.site.com.br'
Header set Access-Control-Allow-Credentials: true
Header set Access-Control-Allow-Methods: GET
Header set Access-Control-Allow-Headers: Content-Type
My question is, is the main domain that should contain the instructions for the cross-domain or is the subdomain, since this last instruction did not work after having entered the .htaccess of the sub-domain.