re: How to fix CORS headers in a single page application VIEW POST

re: Using * for access isn't great practice. CORS protection exists for a reason. Here's something for Apache that we use that also helps migrating bet...

I fully agree with you, that's why I've included all the different examples to explain each concept in detail and added the disclaimer: "Below will follow a few examples that you can copy/paste, be mindful how much you want to allow the browser to do though."

Something you can use for the origin is also this:

add_header Access-Control-Allow-Origin $http_origin;

This way it adds the requesting origin to the "whitelisted" domains. But yes, as you said, it's best to restrict these and not leave them wide open.

code of conduct - report abuse