How to limit Access-Control-Allow-Origin to a specific path?

Posted by coderama on Stack Overflow See other posts from Stack Overflow or by coderama
Published on 2014-06-09T03:20:37Z Indexed on 2014/06/09 3:25 UTC
Read the original article Hit count: 145

Filed under:
|

I have a website that servies ads via javascript. So, I basically allow the user to include my script.... :

<script src="http://www.example.com/ads.js" ></script>
<script>
    MYADDS.insertAdvert(); 
</script>

The problem is, I kept getting: "No Access-Control-Allow-Origin" Errors. That was until I added this to my htaccess file:

<IfModule mod_headers.c>
  Header set Access-Control-Allow-Origin "*"
</IfModule>

Problem is, this opens up my entire site and is probably a security risk. So, seeing as the ads.js file actually only does an ajax request to:

http://www.example.com/place/where/my/adds/are/fed/from

How can I make the above htaccess rule only apply to that path? Keep in mind, it's not an actualy directory, so I can't put the htaccess file in that folder. It's actually a "virtual path". The site is built using Laravel and therefore does the typical laravel path rewriting. Here's teh full htaccess file:

<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews
    </IfModule>

    RewriteEngine On

    # Redirect Trailing Slashes...
    RewriteRule ^(.*)/$ /$1 [L,R=301]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ index.php/$1 [L]

</IfModule>

Any ideas how to do this?

© Stack Overflow or respective owner

Related posts about .htaccess

Related posts about laravel-4