SitePoint Sponsor

User Tag List

Results 1 to 2 of 2
  1. #1
    SitePoint Addict
    Join Date
    Sep 2008
    Posts
    341
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Is it impossible to use “the current” domain for “Header add Access-Control-Allow-Ori

    I currently use this which works perfectly in allowing cross-domain Ajax requests.

    SetEnvIf Origin "^http(s)?://(.+\.)?(my-specified-domain\.com)$" origins_is=$0
    Header add Access-Control-Allow-Origin %{origin_is}e env=origin_is�
    Header add Access-Control-Allow-Credentials: true�

    However, is it possible to do this without hard-coding the domain name?

    I believe you can't embed a variable inside SetEnv and I just can't see a way to allow the alternative scheme, whatever domain you are hosting the site on.

    Surely this is an obvious and essential requirement. Who wants to hard-code the domain every time?

    Maybe the best way would be to match up against the ServerName setting (e.g. in the virtual host). If the URL matches that (regardless of scheme) then allow the cross-domain request.

  2. #2
    SitePoint Author silver trophybronze trophy
    wwb_99's Avatar
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,625
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    No, it isn't -- if you are on https you should not be making http requests, that gets you a little browser warning for a reason. If you've got https why not just serve everything https anyhow? Much cleaner and much more secure and you aren't using any more precious resources given you've already got https running.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •