Allowing cross origin requests for http and https

apache .htaccess https cors
14,237

Have you tried using HTTPS variable?

It will be set to "on" for all https requests. Your .htaccess should look like this

Header set Access-Control-Allow-Origin: http://example.com             #default
Header set Access-Control-Allow-Origin: https://example.com env=HTTPS   #override if https
Share:
14,237
Admin
Author by

Admin

Updated on July 26, 2022

Comments

  • Admin
    Admin almost 2 years

    My website supports both http and https protocols. However using the code below in .htaccess file, I can only set one domain to allow CORS requests:

    Header set Access-Control-Allow-Origin: http://example.com

    I want to allow CORS for both http and https versions of my site (not just "*") and tried the solutions here: Access-Control-Allow-Origin Multiple Origin Domains?

    But the problem is that all solutions rely on Origin header in the request which may not exist and also is not secure. (anyone can put a origin header in their request)

    I want to know if the request has been served over https and use this info to set the proper CORS header. Something like this:

    SetEnvIf servedOverHttps httpsOrigin=true
Header set Access-Control-Allow-Origin: https://example.me env=httpsOrigin

SetEnvIf notServedOverHttps httpOrigin=true
Header set Access-Control-Allow-Origin: http://example.me env=httpOrigin

    How can I find out that it's a https request?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

RewriteCond not working on force https for HTTP_HOST
How to setup ssl using only .htaccess file
Curl: (51) error when trying to check whether or not my website redirects correctly
Force https for entire server/domain
htaccess force https and redirect www to non-www, but no other subdomains
handle multiple domains with Access-Control-Allow-Origin header in Apache
enable cors in .htaccess
htaccess redirect to https://www
Https to http redirect using htaccess
How to Enable CORS for Apache httpd server? (Step-By-Step Process)