4

I have 2 subdomains, av.xyz.example and video.xyz.example. I want to enable CORS for video.xyz.example on av.xyz.example.

I have added the following code snippet in the apache configuration file of av.xyz.com

Header set Access-Control-Allow-Origin "video.xyz.example"`

But I get the following error

The 'Access-Control-Allow-Origin' header contains the invalid value 'video.xyz.example'. Origin 'https://video.xyz.example' is therefore not allowed access.`

I tried doing it with * and still got an error that it is not permissible for a wildcard, tried doing it using - ^(.*\.xyz\.example)$ and still got the error, invalid value.

What should be the correct value in my scenario?

Patrick Mevzek
  • 9,273
  • 7
  • 29
  • 42
Rick Roy
  • 215
  • 1
  • 5
  • 15
  • A CORS origin requires a valid protocol which you haven't provided. For example, `http://video.xyz.example` and `https://video.xyz.example` are two different origins. See answer below https://serverfault.com/a/923220/202676 – natbusa Nov 29 '21 at 13:20

3 Answers3

5

If you're trying to find a solution to cross-site origin problems on all subdomains for your domain, there's a much more robust answer here:

https://stackoverflow.com/a/39668584/1402498

JamesHoux
  • 255
  • 1
  • 3
  • 8
4

Hi I was able to solve it using this code

<IfModule mod_headers.c>
   SetEnvIfNoCase Origin "https?://(www\.)?(xyz\.com|video\.xyz\.com)(:\d+)?$" ACAO=$0
   Header set Access-Control-Allow-Origin %{ACAO}e env=ACAO
</IfModule>
Rick Roy
  • 215
  • 1
  • 5
  • 15
1

It looks like you may be specifying the origin incorrectly. Try this instead:

Header set Access-Control-Allow-Origin "https://video.xyz.example"

moebius
  • 151
  • 3