Apache Configure CORS Headers for Whitelist Domains<\/p>\n
<\/p>\n
<\/p>\n
In the current implementation of Cross Origin Resource Sharing (CORS) the Since only a single domain in a single access header can be delivered back to the client, Apache must read the incoming Use the following configuration snippet in the Apache virtual host “.conf” file or in the server “.htaccess” file. Ensure The regular expression If you send a request from If you sent another request from Apache Configure CORS Headers for Whitelist Domains<\/p>\n <\/p>\n <\/p>\n In the current implementation of Cross Origin Resource Sharing (CORS) the Access-Control-Allow-Origin header can only provide a single host domain or a wildcard as the accept value. This is not optimal when you have multiple clients connecting to the same virtual server and simply want to […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7686"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7686"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7686\/revisions"}],"predecessor-version":[{"id":7687,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7686\/revisions\/7687"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7686"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7686"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7686"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Access-Control-Allow-Origin<\/code> header can only provide a single host domain or a wildcard as the accept value. This is not optimal when you have multiple clients connecting to the same virtual server and simply want to allow a list of known client host domains to the “allow” list.<\/p>\nOrigin<\/code> header and match it to the list of “white” (accepted) domains. If an appropriate match is found, echo the domain host back to client as the value of Access-Control-Allow-Origin<\/code>.<\/p>\nmod_headers<\/code> and SetEnvIfNoCase<\/code> are enabled.<\/p>\n<IfModule mod_headers.c>\r\n SetEnvIfNoCase Origin \"https?:\/\/(www\\.)?(domain\\.com|staging\\.domain\\.com)(:\\d+)?$\" ACAO=$0\r\n Header set Access-Control-Allow-Origin %{ACAO}e env=ACAO\r\n<\/IfModule>\r\n<\/code><\/pre>\nhttps?:\/\/(www\\.)?(domain\\.com|staging\\.domain\\.com)(:\\d+)?$<\/code> matches the URL of Origin<\/code>, a required HTTP header for all requests. The pattern matches both the http<\/code> and https<\/code> protocols. It will match an optional www.<\/code> subdomain and finally matches the actual host name of your whitelist entries. Any characters after the domain name are ignored. This example will therefore enable:<\/p>\n* http:\/\/domain.com<\/a>\r\n* https:\/\/domain.com<\/a>\r\n* http:\/\/www.domain.com<\/a>\r\n* https:\/\/www.domain.com<\/a>\r\n* http:\/\/staging.domain.com<\/a>\r\n* https:\/\/staging.domain.com<\/a>\r\n* http:\/\/www.staging.domain.com<\/a>\r\n* https:\/\/www.staging.domain.com<\/a>\r\n<\/code><\/pre>\nhttp:\/\/staging.domain.com\/app\/<\/a><\/code>, the response would include the header:<\/p>\nAccess-Control-Allow-Origin: http:\/\/staging.domain.com<\/a>\r\n<\/code><\/pre>\nhttps:\/\/www.domain.com\/client\/<\/a><\/code>, the response would include the header:<\/p>\nAccess-Control-Allow-Origin: https:\/\/www.domain.com<\/a>\r\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"