Get alerted when assets are down, slow, or vulnerable to SSL attacks—all free for a month. Learn more

Question

Allow CORS for sub domains

I’m trying to allow all subdomains under my main domain to get assets from each other. Fx. mydomain.com and test.mydomain.com should be able to access cdn.mydomain.com without being blocked.

I found this SO question that covers it, but I can’t get it working… My “cdn.mydomain.com.conf” virtual host file looks like this;

<VirtualHost *:80>
	ServerName cdn.mydomain.com

	ServerAdmin admin@mydomain.com
	DocumentRoot /var/www/cdn

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
	
	#Header set Access-Control-Allow-Origin "*"
	
	<IfModule mod_rewrite.c>
	<IfModule mod_headers.c>
		SetEnvIf Origin ^(https?://(?:.+\.)?mydomain\.com(?::\d{1,5})?)$   CORS_ALLOW_ORIGIN=$1
		Header append Access-Control-Allow-Origin  %{CORS_ALLOW_ORIGIN}e   env=CORS_ALLOW_ORIGIN
		Header merge  Vary "Origin"
	</IfModule>
	</IfModule>
</VirtualHost>
<Directory /var/www/cdn>
	Options Indexes FollowSymLinks
	AllowOverride All
	Require all granted
</Directory>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Is the “stolen” content from the SO-question placed in the right place? I still get;

Access to font at 'https://cdn.mydomain.com/test.ttf' from origin 'https://sub.mydomain.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

What am I missing?

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

albertSquidMay 6, 2020

The problem was cloudflare afterall. Purging the cache worked, and adding “Header always” also helped.

Try DigitalOcean for free

Click below to sign up and get $100 of credit to try our products over 60 days!

Sign up