tntlt_92978
Sep 21, 2015Nimbostratus
CORS with multiple domains
I'm trying to catch the multiple domains in Header:Origin for CORS implementation with no luck. It gets only one domain. Does anybody know the solution ?
HTTP_Request:
if {([HTTP::host] equals "www.etc.com") && [HTTP::header exists Origin]} {
log local0. "[HTTP::host] - [HTTP::header Origin]"
set origin_host [HTTP::header Origin]
}
HTTP_Response:
if { [info exists origin_host] } {
HTTP::header insert Access-Control-Allow-Credentials true
log local0. "Set allow-origin to $origin_host"
HTTP::header insert Access-Control-Allow-Origin $origin_host
HTTP::header insert Access-Control-Allow-Headers "cache-control, if-modified-since, x-requested-with, Content-Type, origin, authorization, accept, client-security-token, keycode"
The error I'm receiving:
The 'Access-Control-Allow-Origin' header contains multiple values ' https://www.bbb.com', but only one is allowed. Origin 'https://www.bbb.com' is therefore not allowed access.