Question

Allow CORS for sub domains

Posted May 5, 2020 2.1k views
ApacheCDN

I’m trying to allow all subdomains under my main domain to get assets from each other. Fx. mydomain.com and test.mydomain.com should be able to access cdn.mydomain.com without being blocked.

I found this SO question that covers it, but I can’t get it working… My “cdn.mydomain.com.conf” virtual host file looks like this;

<VirtualHost *:80>
    ServerName cdn.mydomain.com

    ServerAdmin admin@mydomain.com
    DocumentRoot /var/www/cdn

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    #Header set Access-Control-Allow-Origin "*"

    <IfModule mod_rewrite.c>
    <IfModule mod_headers.c>
        SetEnvIf Origin ^(https?://(?:.+\.)?mydomain\.com(?::\d{1,5})?)$   CORS_ALLOW_ORIGIN=$1
        Header append Access-Control-Allow-Origin  %{CORS_ALLOW_ORIGIN}e   env=CORS_ALLOW_ORIGIN
        Header merge  Vary "Origin"
    </IfModule>
    </IfModule>
</VirtualHost>
<Directory /var/www/cdn>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Is the “stolen” content from the SO-question placed in the right place? I still get;

Access to font at 'https://cdn.mydomain.com/test.ttf' from origin 'https://sub.mydomain.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

What am I missing?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer
Show answer This answer has been marked as resolved by albertSquid.
Submit an Answer