How to enable CORS for a domain and all its sub-domains in Apache

Cross-origin resource sharing is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served.

This article explains the detaisl to enable cors for a domain and all its subdomains in Apache.

We can configure the below lines in either Apache configuration of .htaccess file of application.

SetEnvIf Origin "http(s)?://(.+.)?example.com(:\d{1,5})?$" CRS=$0
Header always set Access-Control-Allow-Origin "%{CRS}e" env=CRS
Header always set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, PATCH, OPTIONS"  
Header always set Access-Control-Max-Age "1000"  
Header always set Access-Control-Allow-Headers "Origin, Accept, Accept-  Version,  Content-Length, Content-MD5, Content-Type, Date, X-Api-Version, x-api-key, X-Response-Time, X-PINGOTHER, X-CSRF-Token,Authorization"  
Header always set Access-Control-Expose-Headers "*" 
Header always set Access-Control-Allow-Credentials true 

Where we need to replace example.com with our domain for which need to enable the cors.

That's all…

Leave a Reply

Your email address will not be published. Required fields are marked *