Recently I had the challenge to implement crossdomain crossite Ajax calls within a htaccess protected environment (a crossover between Magento and Contao => both PHP-applications). But when the one application tried to call the other one via Ajax, I got the following error message in my developer  console in Chrome and Firefox and the call didn’t took place: […]
To Allow crossite calls via Ajax or for Fonts and so one, from specific subdomains: <IfModule mod_headers.c> SetEnvIfNoCase Origin “https?://(www\.|sub1\.|sub2\.|sub3\.|sub4\.)?(ask-sheldon\.com)(:\d+)?$” AccessControlAllowOrigin=$0 Header set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin Header set Access-Control-Allow-Credentials true </IfModule> Or you can place a crossdomain.xml in your DocumentRoot (does not work everywhere) <?xml version=”1.0″?> <cross-domain-policy> <allow-access-from domain=”*.ask-another-sheldon.com” /> <allow-access-from domain=”*.ask-anothernother-sheldon.com” /> </cross-domain-policy>
