Top Nav

AccessControlAllowOrigin CORS Header With Multiple Domains

The AccessControlAllowOrigin CORS header does not allow multiple domains. This can be a problem in some cases. A workaround on the server is to detect the incoming Origin header, match against an allowed list and then generate the AccessControlAllowOrigin header using the domain. In Apache this can be accomplished with: