Proper way to enable CORS

I’d like to enable CORS for a vhost; I see that there is a xdomain_request variable, but I have no idea how to use it.
How can I enable CORS for a vhost?

Thanks in advance


BTW I see this:
Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin

but it should be:
Header set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin

since only 1 such header is allowed.

You can customize the vhosts via vhost-gen configuration as described here:

I see in the vhost-gen there’s this code. Is it possible to change setting for REGEX?

xdomain_request: |
    # Allow cross domain request from these hosts
    if ( $http_origin ~* (__REGEX__) ) {
        add_header "Access-Control-Allow-Origin" "$http_origin";
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
        add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
        add_header 'Access-Control-Max-Age' 0;
        return 200;

Thanks @gregfr !

Fixing here: Streamline cors headers by cytopia · Pull Request #52 · devilbox/vhost-gen · GitHub