CORS example for Apache with multiple domains

apache_cors_example

# Sets CORS headers for request from example1.com and example2.com pages
# for both SSL and non-SSL
SetEnvIf Origin "^https?://[^/]*(example1|example2)\.com$" ORIGIN=$0
Header set Access-Control-Allow-Origin %{ORIGIN}e env=ORIGIN
Header set Access-Control-Allow-Credentials "true" env=ORIGIN
# Always set Vary: Origin when it's possible you may send CORS headers
Header merge Vary Origin

Hi guys,
this thread was really helpful,

The solution below works. The server is returning correct Access-Control-Allow-Origin header but status code of Preflight (OPTIONS method, before POST) request is still 403 (chrome)

Is there any solution for 403?

SetEnvIf Origin "^https?://[^/]*(example1|example2)\.com$" ORIGIN=$0
Header set Access-Control-Allow-Origin %{ORIGIN}e env=ORIGIN
Header set Access-Control-Allow-Credentials "true" env=ORIGIN
Header merge Vary Origin

Hi,

I have not used Apache in years now. I would Google for "apache options cors". I switched to Nginx. I had to do some things in Nginx for OPTIONS headers so I am guessing Apache is the same. I am sure there is a solution. And if you find the solution, feel free to respond here with it.

Hi guys, this thread was really helpful,

The solution below works. The server is returning correct Access-Control-Allow-Origin header but status code of Preflight (OPTIONS method, before POST) request is still 403 (chrome)

Is there any solution for 403?

SetEnvIf Origin "^https?://[^/]*(example1|example2)\.com$" ORIGIN=$0
Header set Access-Control-Allow-Origin %{ORIGIN}e env=ORIGIN
Header set Access-Control-Allow-Credentials "true" env=ORIGIN
Header merge Vary Origin

Header always set Access-Control-Allow-Origin %{ORIGIN}e env=ORIGIN

Thank you. This did it.