HTTP Access Control (CORS) for multiple domains

0

How to release HTTP access control (CORS) of images using XMLHttpRequest for all domains below in .htaccess and not using global permission with "*":

Access-Control-Allow-Origin: http://www.osite.com.br,
https://osite.com.br, http://osite.com.br, https://subdomain.osite.com.br,
http://www.subdomain.osite.com.br

Even putting it like this, it did not work, it is giving error because of the access when I enter the domain: link does not work, when I enter link it works:

<IfModule mod_headers.c>
        SetEnvIf Origin "http(s)?://(www\.)?(osite.com.br|subdomain.osite.com.br|)$" AccessControlAllowOrigin=$0
        Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
</IfModule>

Note: The site and the image are fictitious, just to represent the problem.

    
asked by anonymous 23.05.2017 / 16:29

1 answer

0

In order for the Access-Control-Allow-Origin parameter to work this way you need to use the replace=false parameter, so there is no overlap of headers ... like this:

header ("access-control-allow-origin: endereço1");
header ("access-control-allow-origin: endereço2", false);
header ("access-control-allow-origin: endereço3", false);
header ("access-control-allow-origin: endereço4", false);
    
29.09.2017 / 22:38