Forum Discussion

Nimbostratus

Sep 21, 2015

CORS with multiple domains

I'm trying to catch the multiple domains in Header:Origin for CORS implementation with no luck. It gets only one domain. Does anybody know the solution ? HTTP_Request: if {([HTTP::host] equals "ww...

Cirrus

Oct 08, 2015

Although in theory the Origin request header (and, by extension, the Access-Control-Allow-Origin response header) allow multiple comma-separated values, see the note at the bottom (from http://www.w3.org/TR/cors/access-control-allow-origin-response-header):

The Access-Control-Allow-Origin header indicates whether a resource can be shared based by returning the value of the Origin request header, "*", or "null" in the response. ABNF:

Access-Control-Allow-Origin = "Access-Control-Allow-Origin" ":" origin-list-or-null | "*"

In practice the origin-list-or-null production is more constrained. Rather than allowing a space-separated list of origins, it is either a single origin or the string "null".

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)