CORS setting is necessary if you have traffic coming from different domain. This is one of the security that you can put for disallow connection. However, you have need for allowing various domain to be able to access your service.<\/p>\n\n\n\n
<IfModule mod_headers.c>\n SetEnvIf Origin \"http(s)?:\/\/(www\\.)?(domain1.org|domain2.com|domain3.net)$\" AccessControlAllowOrigin=$0$1\n Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin\n Header set Access-Control-Allow-Credentials true\n<\/IfModule><\/code><\/pre>\n\n\n\nSetEnvIf Origin \"^http(s)?:\/\/(.+\\.)?(domain\\.org|domain2\\.com)$\" origin_is=$0 \nHeader always set Access-Control-Allow-Origin %{origin_is}e env=origin_is<\/code><\/pre>\n\n\n\n# Enable cross domain access control\nSetEnvIf Origin \"^http(s)?:\/\/(.+\\.)?(domain1\\.com|domain2\\.org|domain3\\.net)$\" REQUEST_ORIGIN=$0\nHeader always set Access-Control-Allow-Origin %{REQUEST_ORIGIN}e env=REQUEST_ORIGIN\nHeader always set Access-Control-Allow-Methods \"GET, POST, PUT, DELETE, OPTIONS\"\nHeader always set Access-Control-Allow-Headers \"x-test-header, Origin, X-Requested-With, Content-Type, Accept\"\n\n# Force to request 200 for options\nRewriteEngine On\nRewriteCond %{REQUEST_METHOD} OPTIONS\nRewriteRule .* \/ [R=200,L]\n\n<\/code><\/pre>\n\n\n\nReferences:<\/p>\n\n\n\n