William McKeehan
William McKeehan
January 31, 2022

CORS Mult-Domain for Apace

CORS Mult-Domain for Apache

An http response can only have at most one Access-Control-Allow-Origin header. The header can only specify only one domain. If the server needs to allow requests from multiple origin domains, it needs to generate an Access-Control-Allow-Origin response header with the same value as the Origin request header.

The solution below will add the header if the origin matches one of the known domains; the value will be set to the Origin.

<IfModule mod_headers.c>
  SetEnvIf Origin "^http(s)?://(.+\.)?(domaina\.com|domainb\.com)$" origin_is=$0
  Header always set Access-Control-Allow-Origin %{origin_is}e env=origin_is