Will CORS ever be a problem when you have x.example.com going to y.example.com or only if the root domain is different?
Asked
Active
Viewed 2.4k times
1 Answers
4
CORS is not allowing subdomains, so you need to specify them in your server configuration.
If you are using NGINX (or you could use it as a proxy and solve your problem) by providing dynamic cors header response
server {
root /path/to/your/stuff;
index index.html index.htm;
set $cors "";
if ($http_origin ~* (.*\.yoursweetdomain.com)) {
set $cors "true";
}
server_name yoursweetdomain.com;
location / {
if ($cors = "true") {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE, PUT';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Headers' 'User-Agent,Keep-Alive,Content-Type';
}
if ($request_method = OPTIONS) {
return 204;
}
}
}
profesor79
- 176
- 5