I have a site with http and https. I set in the .htaccess the following line which runs for http.
Header set Access-Control-Allow-Origin "*"
But with https I get this error.
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://dl.dropboxusercontent.com' is therefore not allowed access.
I tried the following with no luck.
Header set Access-Control-Allow-Origin "*" env=HTTPS
Any way to set Access-Control-Allow-Origin header for https in .htaccess?
Here is my complete .htaccess
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
<IfModule mod_headers.c>
Header always set Access-Control-Allow-Origin "*"
</IfModule>
Here is my virtual host settings
<VirtualHost *:443>
ServerAdmin admin@localhost
DocumentRoot /var/www/html/domain
ServerName domain.com
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile "/etc/pki/tls/private/domain.crt"
SSLCertificateKeyFile "/etc/pki/tls/private/domain.key"
SSLCACertificateFile "/etc/pki/tls/private/domain.ca-bundle.crt"
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
ErrorLog logs/domain-error_log
CustomLog logs/domain-access_log common
<Directory "/var/www/html/domain">
AllowOverride All
</Directory>
</VirtualHost>
Any solution?
Best Answer
Without the complete .htaccess I don't exactly know but when more processing is done within Apache adding the condition
always
might be needed:The manual explains it as follows: