Block requests from other domains with htaccess

⛔️ Not allowed!

If you would like to set the allowed origin for AJAX requests in your apache environment you can use the following .htaccess file snippet.

<IfModule mod_headers.c> <FilesMatch "\.(html|php)$"> SetEnvIf Origin "https://www.YourDomain.com" AccessControlAllowOrigin=$0 Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin Header set Access-Control-Allow-Credentials true </FilesMatch> </IfModule>

Update

The snippet above seems to no longer work with my Apache setup. This one now works:

Header set Access-Control-Allow-Origin "https://yourDomain.com"

About Ricard Torres

Senior Front-end Software Engineer from Barcelona, Haidong Gumdo Instructor (korean martial art of the sword), street photographer, travel lover, TV addict, Boston Red Sox fan, and privacy advocate.

@ricard_dev @ricard_dev

📝 Blog 🎙 Podcast

Leave a Reply

Add <code> Some Code </code> by using this tags.

*
*