There are a lot o topics about 'Access-Control-Allow-Origin', but I couldn't find one for Openseadragon which is for sub-domain name. My website is exampple.domain.com trying to open DZI from anotherexampple.domain.com and I have an error:
XMLHttpRequest cannot load anotherexampple.domain.com/123.dzi . No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin ' exampple.domain.com ' is therefore not allowed access.
Both websites are using the same protocol HTTPS, and server is IIS
Server for exampple.domain.com is set up with:
Access-Control-Allow-Origin: *
And server for anotherexampple.domain.com is set up with:
Access-Control-Allow-Origin: *.domain.com
Also, openseadragon has settings:
crossOriginPolicy: 'Anonymous',
ajaxWithCredentials: false,
Can somebody tell me how to fix CORS issue for same domain with different sub-domains? Thanks in advance.
Access-Control-Allow-Origin: *.domain.com
The Access-Control-Allow-Origin
header doesn't support partial wildcards.
Either use *
or the full origin name.
You can read the Origin
request header, pattern match it, and then echo it out on the server if you want to whitelist everything on a particular domain.
No 'Access-Control-Allow-Origin' header is present on the requested resource.
You might have tried to set the Access-Control-Allow-Origin
header, but it clearly hasn't worked. You need to reexamine your configuration.
This link has a nice explanation for possible values for 'Access-Control-Allow-Origin'. unfortunately you do not have much options, other than '*' or single domain like ' http://example.com '
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.