How to enable Cross-Origin Resource Sharing (CORS)

This article describes how to enable Cross-Origin Resource Sharing (CORS) for your site. CORS enables web browsers to access resources at a different location from where the web application is running. For example, if you have an application running on https://example.com that requests resources from https://example-2.com, the server on example-2.com must allow such requests.

Enabling CORS

To enable CORS, you must configure the web server to send an HTTP header that permits remote access to its resources. The procedure to do this varies based on the server's operating system.

CORS on Linux hosting accounts

For Linux hosting accounts, create or modify the .htaccess file in the directory where you want to permit CORS requests. Add the following line to the .htaccess file:

Header set Access-Control-Allow-Origin "*"

CORS on Windows hosting accounts

For Windows hosting accounts, create or modify the web.config file in the directory where you want to permit CORS requests. Add the following lines to the web.config file:

<configuration>
    <system.webServer>
        <httpProtocol>
            <customHeaders>
                <add name="Access-Control-Allow-Origin" value="*" />
            </customHeaders>
        </httpProtocol>
    </system.webServer>
</configuration>

More Information

For more information about CORS, please visit https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS.