12

I want allow Cross-origin resource sharing from all the sub-domain of from.example.com. So I added Cross-origin resource sharing header as given below to a page in subdomain1.to.example.com.

<?php header('Access-Control-Allow-Origin: *.from.example.com');

And I tried to access the page form subdomain1.from.example.com using ajax. I didn't get the response. So I just changed the above header as given below.

<?php header('Access-Control-Allow-Origin: http://subdomain1.from.example.com');

It works well for the subdomain1.from.example.com only.

What was the issue with first header?

Improve this question
1

1 Answer 1

Reset to default
18

Wildcards are not allowed in the Access-Control-Allow-Origin header. It has to be an exact match. You can either allow all domains by setting the value to *, or conditionally echo the value of the Origin request header if it matches one of your allowed domains.

Note that the Origin spec allows for multiple origins separated by a space. However I am not sure if this works with the Access-Control-Allow-Origin header. It may be worth a try.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.