Question
Allow CORS for sub domains
I’m trying to allow all subdomains under my main domain to get assets from each other. Fx. mydomain.com and test.mydomain.com should be able to access cdn.mydomain.com without being blocked.
I found this SO question that covers it, but I can’t get it working… My “cdn.mydomain.com.conf” virtual host file looks like this;
<VirtualHost *:80>
ServerName cdn.mydomain.com
ServerAdmin admin@mydomain.com
DocumentRoot /var/www/cdn
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
#Header set Access-Control-Allow-Origin "*"
<IfModule mod_rewrite.c>
<IfModule mod_headers.c>
SetEnvIf Origin ^(https?://(?:.+\.)?mydomain\.com(?::\d{1,5})?)$ CORS_ALLOW_ORIGIN=$1
Header append Access-Control-Allow-Origin %{CORS_ALLOW_ORIGIN}e env=CORS_ALLOW_ORIGIN
Header merge Vary "Origin"
</IfModule>
</IfModule>
</VirtualHost>
<Directory /var/www/cdn>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
Is the “stolen” content from the SO-question placed in the right place? I still get;
Access to font at 'https://cdn.mydomain.com/test.ttf' from origin 'https://sub.mydomain.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
What am I missing?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
×