CORS | Tutes Club

Works for Magento 2.2x

Cross-Origin Resource Sharing header for Access-Control-Allow-Origin for Subdomains

SetEnvIf Origin "^(.*\.yourdomain\.com)$" OSD=$1
Header set Access-Control-Allow-Origin "%{OSD}e" env=OSD
Header set Access-Control-Allow-Methods: "*"
Header set Access-Control-Allow-Headers: "*"

or a general format for simple copy paste:

SetEnvIf Origin "^(.*)$" OSD=$1
Header set Access-Control-Allow-Origin "%{OSD}e" env=OSD
Header set Access-Control-Allow-Methods: "*"
Header set Access-Control-Allow-Headers: "*"

Tag: CORS

CORS policy for subdomains – htaccess – apache server