I'm trying to set Access-Control-Allow-Origin header to all but cannot use wildcard since it's not allowed with allow credentials. So my solution is to set origin header to whatever the domain is, something like:
Header set Access-Control-Allow-Origin "%{HTTP_REFERER}e"
but that includes URI as well. I can I strip uri form HTTP_REFERER so i get https://www.example.com ?
Many thanks
Try this:
SetEnvIf Origin ".+" ACAO=$0
Header set Access-Control-Allow-Origin "%{ACAO}e"