How to enable Cross-Origin Resource Sharing (CORS)

This article describes how to enable Cross-Origin Resource Sharing (CORS) for your site. CORS enables web browsers to access resources at a different location from where the web application is running. For example, if you have an application running on https://example.com that requests resources from https://example-2.com, the server on example-2.com must allow such requests.

If you are using secure (https://) connections with cross-origin resource sharing, make sure the servers have valid and trusted SSL certificates. Even if CORS is enabled correctly on the server, some browsers (such as Firefox) do not complete cross-origin requests if the SSL certificate itself is invalid.

Enabling CORS

To enable CORS, you must configure the web server to send an HTTP header that permits remote access to its resources. The procedure to do this varies based on the server's operating system.

CORS on Linux hosting accounts

For Linux hosting accounts, create or modify the .htaccess file in the directory where you want to permit CORS requests. Add the following line to the .htaccess file:

Header set Access-Control-Allow-Origin "*"
CORS on Windows hosting accounts

For Windows hosting accounts, create or modify the web.config file in the directory where you want to permit CORS requests. Add the following lines to the web.config file:

<configuration> <system.webServer> <httpProtocol> <customHeaders> <add name="Access-Control-Allow-Origin" value="*" /> </customHeaders> </httpProtocol> </system.webServer> </configuration>
If the web.config file already exists in the directory, you may only need to add the section or section.

More Information

For more information about CORS, please visit https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS.

Article Details

Other Articles in This Category

Show More

Related Articles

Show More

Did you find this article helpful? Then you'll love our support. Experience the A2 Hosting difference today and get a pre-secured, pre-optimized website. Check out our web hosting plans today.