I have 3 websites, A, B and C.
Site A has a javascript file “test.js” that I call on sites B and C. The file test.js uses XMLHttpRequest to capture the contents of a separate file “stuff.html” on site A before returning to the div on the calling website.
In order to allow CORS only on sites B and C based on https://stackoverflow.com/a/16129/ and several others, I placed the following .htaccess in the site directory:
<IfModule mod_headers.c>
SetEnvIf Origin "http(s)?://(www\.)?(b.com|c.com)$" AccessControlAllowOrigin=$0
Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Header append Vary Origin
</IfModule>
When I try to download site B, it works. But when I try to load site C into the same browser, I get the following error:
XMLHttpRequest cannot load http://www.a.com/stuff.html. The 'Access-Control-Allow-Origin' header has a value 'http://www.b.com' that is not equal to the supplied origin. Origin 'http://www.c.com' is therefore not allowed access.
However, if I clear the cache and load the C site, it works. But then loading site B does not work and gives the same error (in reverse order).
, ? , .
Edit:
, :
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin *
</IfModule>
... , . , stuff.html - html , , test.js, - , -, ? , - .