Is it impossible to use “the current” domain for “Header add Access-Control-Allow-Ori

I currently use this which works perfectly in allowing cross-domain Ajax requests.

SetEnvIf Origin "^http(s)?://(.+\\.)?(my-specified-domain\\.com)$" origins_is=$0
Header add Access-Control-Allow-Origin %{origin_is}e env=origin_is�
Header add Access-Control-Allow-Credentials: true�

However, is it possible to do this without hard-coding the domain name?

I believe you can’t embed a variable inside SetEnv and I just can’t see a way to allow the alternative scheme, whatever domain you are hosting the site on.

Surely this is an obvious and essential requirement. Who wants to hard-code the domain every time?

Maybe the best way would be to match up against the ServerName setting (e.g. in the virtual host). If the URL matches that (regardless of scheme) then allow the cross-domain request.

No, it isn’t – if you are on https you should not be making http requests, that gets you a little browser warning for a reason. If you’ve got https why not just serve everything https anyhow? Much cleaner and much more secure and you aren’t using any more precious resources given you’ve already got https running.