Allow CORS for sub domains

I’m trying to allow all subdomains under my main domain to get assets from each other. Fx. and should be able to access without being blocked.

I found this SO question that covers it, but I can’t get it working… My “” virtual host file looks like this;

<VirtualHost *:80>

	DocumentRoot /var/www/cdn

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
	#Header set Access-Control-Allow-Origin "*"
	<IfModule mod_rewrite.c>
	<IfModule mod_headers.c>
		SetEnvIf Origin ^(https?://(?:.+\.)?mydomain\.com(?::\d{1,5})?)$   CORS_ALLOW_ORIGIN=$1
		Header append Access-Control-Allow-Origin  %{CORS_ALLOW_ORIGIN}e   env=CORS_ALLOW_ORIGIN
		Header merge  Vary "Origin"
<Directory /var/www/cdn>
	Options Indexes FollowSymLinks
	AllowOverride All
	Require all granted

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Is the “stolen” content from the SO-question placed in the right place? I still get;

Access to font at '' from origin '' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

What am I missing?


Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

The problem was cloudflare afterall. Purging the cache worked, and adding “Header always” also helped.