There are a lot o topics about 'Access-Control-Allow-Origin', but I couldn't find one for Openseadragon which is for sub-domain name. My website is exampple.domain.com trying to open DZI from anotherexampple.domain.com and I have an error:
XMLHttpRequest cannot load anotherexampple.domain.com/123.dzi. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'exampple.domain.com' is therefore not allowed access.
Both websites are using the same protocol HTTPS, and server is IIS
Server for exampple.domain.com is set up with:
Access-Control-Allow-Origin: *
And server for anotherexampple.domain.com is set up with:
Access-Control-Allow-Origin: *.domain.com
Also, openseadragon has settings:
crossOriginPolicy: 'Anonymous',
ajaxWithCredentials: false,
Can somebody tell me how to fix CORS issue for same domain with different sub-domains? Thanks in advance.
Access-Control-Allow-Origin: *.domain.com
The Access-Control-Allow-Origin
header doesn't support partial wildcards.
Either use *
or the full origin name.
You can read the Origin
request header, pattern match it, and then echo it out on the server if you want to whitelist everything on a particular domain.
No 'Access-Control-Allow-Origin' header is present on the requested resource.
You might have tried to set the Access-Control-Allow-Origin
header, but it clearly hasn't worked. You need to reexamine your configuration.