Skip to main content

Access-Control-Allow-Origin Multiple Origin Domains?

Image
By User


Is there a way to allow multiple cross-domains using the Access-Control-Allow-Origin header?



I'm aware of the *, but it is too open. I really want to allow just a couple domains.



As an example, something like this: 





Access-Control-Allow-Origin: http://domain1.com, http://domain2.com


I have tried the above code but it doesn't seem to work in Firefox.



Is it possible to specify multiple domains or am I stuck with just one?


Source: Tips4allCCNA FINAL EXAM
Labels:

Comments

  1. UserMay 24, 2012 at 11:11 AM

    Sounds like the recommended way to do it is to have your server read the Origin header from the client, compare that to the list of domains you'd like to allow, and if it matches, echo the value of the Origin header back to the client as the Access-Control-Allow-Origin header in the response.

    ReplyDelete
  2. UserMay 24, 2012 at 11:11 AM

    I had the same problem with woff-fonts, multiple subdomains had to have acces. To allow subdomains I added something lige this to my httpd.conf:

    SetEnvIf Origin "^(.*\.example\.com)$" ORIGIN_SUB_DOMAIN=$1
    <FilesMatch "\.woff$">
    Header set Access-Control-Allow-Origin "%{ORIGIN_SUB_DOMAIN}e" env=ORIGIN_SUB_DOMAIN
    </FilesMatch>


    For multiple domains you could just change the regex in SetEnvIf

    ReplyDelete
  3. UserMay 24, 2012 at 11:11 AM

    Another solution I'm using in PHP:

    $http_origin = $_SERVER['HTTP_ORIGIN'];

    if ($http_origin == "http://www.domain1.com" || $http_origin == "http://www.domain2.com" || $http_origin == "http://www.domain3.info")
    {
    header('Access-Control-Allow-Origin: *');
    }

    ReplyDelete
  4. UserMay 24, 2012 at 11:12 AM

    There is one disadvantage you should be aware of: As soon as you out-source files to a CDN (or any other server which doesn't allow scripting) or if your files are cached on a proxy, altering response based on 'Origin' request header will not work.

    ReplyDelete
  5. UserMay 24, 2012 at 11:12 AM

    Delimit them with a pipe character rather than a comma, as in this example:

    https://developer.mozilla.org/En/HTTP_Access_Control

    ReplyDelete

Post a Comment

Popular posts from this blog

Why is this Javascript much *slower* than its jQuery equivalent?

By User
I have a HTML list of about 500 items and a "filter" box above it. I started by using jQuery to filter the list when I typed a letter (timing code added later): $('#filter').keyup( function() { var jqStart = (new Date).getTime(); var search = $(this).val().toLowerCase(); var $list = $('ul.ablist > li'); $list.each( function() { if ( $(this).text().toLowerCase().indexOf(search) === -1 ) $(this).hide(); else $(this).show(); } ); console.log('Time: ' + ((new Date).getTime() - jqStart)); } ); However, there was a couple of seconds delay after typing each letter (particularly the first letter). So I thought it may be slightly quicker if I used plain Javascript (I read recently that jQuery's each function is particularly slow). Here's my JS equivalent: document.getElementById('filter').addEventListener( 'keyup', function () { var jsStart = (new Date).getTime()...
3 comments
Read more

Is it possible to have IF statement in an Echo statement in PHP

By User
Thanks in advance. I did look at the other questions/answers that were similar and didn't find exactly what I was looking for. I'm trying to do this, am I on the right path? echo " <div id='tabs-".$match."'> <textarea id='".$match."' name='".$match."'>". if ($COLUMN_NAME === $match) { echo $FIELD_WITH_COLUMN_NAME; } else { } ."</textarea> <script type='text/javascript'> CKEDITOR.replace( '".$match."' ); </script> </div>"; I am getting the following error message in the browser: Parse error: syntax error, unexpected T_IF Please let me know if this is the right way to go about nesting an IF statement inside an echo. Thank you.
5 comments
Read more