CORS – Set Access-Control-Allow-Origin for multiple domains

When there is a requirement to allow multiple request origins, you can do it with the following configuration:

SetEnvIfNoCase Origin "https?:\/\/(dev|staging|game|mail)?(.domain.com)(:\d+)?$" ACAO=$0
Header always set Access-Control-Allow-Origin %{ACAO}e env=ACAO

This needs to go inside the Directory directive in the apache configuration file.

With the snippet above, you will be able to allow requests from the following domains on http / https:
dev.domain.com
staging.domain.com
game.domain.com
mail.domain.com

Once done, save and restart Apache server.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s