I’m trying to allow all subdomains under my main domain to get assets from each other. Fx. mydomain.com and test.mydomain.com should be able to access cdn.mydomain.com without being blocked.

I found this SO question that covers it, but I can’t get it working… My “cdn.mydomain.com.conf” virtual host file looks like this;

<VirtualHost *:80>
    ServerName cdn.mydomain.com

    ServerAdmin admin@mydomain.com
    DocumentRoot /var/www/cdn

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    #Header set Access-Control-Allow-Origin "*"

    <IfModule mod_rewrite.c>
    <IfModule mod_headers.c>
        SetEnvIf Origin ^(https?://(?:.+\.)?mydomain\.com(?::\d{1,5})?)$   CORS_ALLOW_ORIGIN=$1
        Header append Access-Control-Allow-Origin  %{CORS_ALLOW_ORIGIN}e   env=CORS_ALLOW_ORIGIN
        Header merge  Vary "Origin"
    </IfModule>
    </IfModule>
</VirtualHost>
<Directory /var/www/cdn>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Is the “stolen” content from the SO-question placed in the right place? I still get;

Access to font at 'https://cdn.mydomain.com/test.ttf' from origin 'https://sub.mydomain.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

What am I missing?