How to enables CORS to allow any domain in Apache

Cross-origin resource sharing is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served.

This article explains the details to enable cors to allow any domain in Apache.

In-order to achieve this we need to save the following lines in apache configuration or .htaccess.

<IfModule mod_headers.c> 
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, PATCH, OPTIONS"
Header always set Access-Control-Max-Age "1000"
Header always set Access-Control-Allow-Headers "Origin, Accept, Accept-Version,  Content-Length, Content-MD5, Content-Type, Date, X-Api-Version, x-api-key, X-Response-Time, X-PINGOTHER, X-CSRF-Token,Authorization"
Header always set Access-Control-Expose-Headers "*"

That's all…

Leave a Reply