jgermade · August 29, 2015 14:16
diff --git a/.htaccess b/.htaccess
 # with AJAX withCredentials=false (cookies NOT sent)
 Header always set Access-Control-Allow-Origin "*"                   
 Header always set Access-Control-Allow-Methods "POST, GET, PUT, OPTIONS, PATCH, DELETE" 
 Header always set Access-Control-Allow-Headers "X-Accept-Charset,X-Accept,Content-Type"
 RewriteEngine On                  
 RewriteCond %{REQUEST_METHOD} OPTIONS 
 RewriteRule ^(.*)$ $1 [R=200,L,E=HTTP_ORIGIN:%{HTTP:ORIGIN}]]

 # with AJAX withCredentials=true (cookies sent, SSL allowed...)
 SetEnvIfNoCase ORIGIN (.*) ORIGIN=$1
 Header always set Access-Control-Allow-Methods "POST, GET, PUT, OPTIONS, PATCH, DELETE" 
 Header always set Access-Control-Allow-Origin "%{ORIGIN}e"
 Header always set Access-Control-Allow-Credentials "true"
 Header always set Access-Control-Allow-Headers "X-Accept-Charset,X-Accept,Content-Type"
 RewriteEngine On
 RewriteCond %{REQUEST_METHOD} OPTIONS
 RewriteRule ^(.*)$ $1 [R=200,L,E=HTTP_ORIGIN:%{HTTP:ORIGIN}]
	# with AJAX withCredentials=false (cookies NOT sent)
	Header always set Access-Control-Allow-Origin "*"
	Header always set Access-Control-Allow-Methods "POST, GET, PUT, OPTIONS, PATCH, DELETE"
	Header always set Access-Control-Allow-Headers "X-Accept-Charset,X-Accept,Content-Type"
	RewriteEngine On
	RewriteCond %{REQUEST_METHOD} OPTIONS
	RewriteRule ^(.*)$ $1 [R=200,L,E=HTTP_ORIGIN:%{HTTP:ORIGIN}]]

	# with AJAX withCredentials=true (cookies sent, SSL allowed...)
	SetEnvIfNoCase ORIGIN (.*) ORIGIN=$1
	Header always set Access-Control-Allow-Methods "POST, GET, PUT, OPTIONS, PATCH, DELETE"
	Header always set Access-Control-Allow-Origin "%{ORIGIN}e"
	Header always set Access-Control-Allow-Credentials "true"
	Header always set Access-Control-Allow-Headers "X-Accept-Charset,X-Accept,Content-Type"
	RewriteEngine On
	RewriteCond %{REQUEST_METHOD} OPTIONS
	RewriteRule ^(.*)$ $1 [R=200,L,E=HTTP_ORIGIN:%{HTTP:ORIGIN}]