Block requests from other domains with htaccess

⛔️ Not allowed!

If you would like to set the allowed origin for AJAX requests in your apache environment you can use the following .htaccess file snippet.

<IfModule mod_headers.c>
 <FilesMatch "\.(html|php)$">
  SetEnvIf Origin "https://www.YourDomain.com" AccessControlAllowOrigin=$0
  Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
  Header set Access-Control-Allow-Credentials true
 </FilesMatch>
</IfModule>

Update

The snippet above seems to no longer work with my Apache setup. This one now works:

Header set Access-Control-Allow-Origin "https://yourDomain.com"

About Rick

Senior Front-end Software Engineer from Barcelona, Haidong Gumdo Instructor (korean martial art of the sword), street photographer, travel lover, TV addict, Boston Red Sox fan, and privacy advocate.

Leave a Reply

Add <code> Some Code </code> by using this tags.

*
*