Yalme · November 17, 2023 17:33
diff --git a/php_cors_header_examples.php b/php_cors_header_examples.php
 <?php

 // if you want pass all
 header('Access-Control-Allow-Origin: *');

 // if you want limit by domain
 header('Access-Control-Allow-Origin: https://domain.com');

 // if you want limit by multiple domains
 // list of allowed domains
 $allowed_domains = array(
  'domain.com',
  'domain2.com'
 );
 // find out current incoming client
 if (array_key_exists('HTTP_ORIGIN', $_SERVER)) {     
  $origin = $_SERVER['HTTP_ORIGIN']; 
 } else if (array_key_exists('HTTP_REFERER', $_SERVER)) {     
  $origin = $_SERVER['HTTP_REFERER']; 
 } else {     
  $origin = $_SERVER['REMOTE_ADDR']; 
 }
 // check if it matches
 if (in_array($allowed_domains, $origin)) {
  header('Access-Control-Allow-Origin: ' . $origin);
 }

 ?>
	<?php

	// if you want pass all
	header('Access-Control-Allow-Origin: *');

	// if you want limit by domain
	header('Access-Control-Allow-Origin: https://domain.com');

	// if you want limit by multiple domains
	// list of allowed domains
	$allowed_domains = array(
	'domain.com',
	'domain2.com'
	);
	// find out current incoming client
	if (array_key_exists('HTTP_ORIGIN', $_SERVER)) {
	$origin = $_SERVER['HTTP_ORIGIN'];
	} else if (array_key_exists('HTTP_REFERER', $_SERVER)) {
	$origin = $_SERVER['HTTP_REFERER'];
	} else {
	$origin = $_SERVER['REMOTE_ADDR'];
	}
	// check if it matches
	if (in_array($allowed_domains, $origin)) {
	header('Access-Control-Allow-Origin: ' . $origin);
	}

	?>