CORS implementation

  • Hi, I've been reading about CORS in all threads of the forum and from outside, but can find a solution.

    so I have domain1 where I hosts all the files (krpano, xml, images)

    in htaccess from domain1 I should add :

    Code
    Header set Access-Control-Allow-Origin "*"

    then in domain2 I have a index.html

    Code
    <script src="https://domain1.com/pano.js">
    </script><div id="pano" style="width:100%;height:100%;"><script>
    embedpano({  
        swf:"https://domain1.com/pano.swf", 
        xml:"https://domain1.com/pano.xml", 
        target:"pano"
    });
    </script>
    </div>


    and pano xml is :

    So on this situation from domain2, the index.html is able to load krpano and the first xml (pano.xml) but not the second xml (defaultskin.xml) neither the images of the pano.

    Anyone knows what am I missing ?

    I've already been testing many different htaccess options like add instead of set or always set, or different kind of methods...

    Code
    Header add Access-Control-Max-Age 1728000
    Header add Access-Control-Allow-Origin: http://domain1.com
    Header add Access-Control-Allow-Methods: "GET,POST,OPTIONS,DELETE,PUT"
    Header add Access-Control-Allow-Headers: "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,C$
    Header add Access-Control-Allow-Credentials true
    Code
    # Enable cross domain access control
    SetEnvIf Origin "^http(s)?://(.+\.)?(domain1\.com|domain2\.net)$" REQUEST_ORIGIN=$0
    Header always set Access-Control-Allow-Origin %{REQUEST_ORIGIN}e env=REQUEST_ORIGIN
    Header always set Access-Control-Allow-Methods "GET, POST, PUT, DELETE"
    Header always set Access-Control-Allow-Headers: Authorization

    But I guess is more a basic CORS concept that I miss.

    thanks in advance

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!