CodeIgniter Forums

Full Version: CORS Usage in Controller
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hi,

I was working on security of API. Did anyone let me know how we can apply CORS in elegant way?

Or what you recommend for Security of API to not expose to outer world?
I do it like this for fonts for security you may need to do it different.

Code:
    # Add Font Types
    AddType application/vnd.ms-fontobject .eot
    AddType font/truetype .ttf
    AddType font/opentype .otf
    AddType font/opentype .woff
    AddType font/opentype .woff2
    AddType image/svg+xml .svg .svgz

    <FilesMatch ".(eot|ttf|otf|woff|woff2|svg|svgz)">
        Header set Access-Control-Allow-Origin "*"
    </FilesMatch>

You can read all about it from the link below.

Cross-Origin Resource Sharing (CORS)
(04-12-2019, 03:19 PM)InsiteFX Wrote: [ -> ]I do it like this for fonts for security you may need to do it different.

Code:
    # Add Font Types
    AddType application/vnd.ms-fontobject .eot
    AddType font/truetype .ttf
    AddType font/opentype .otf
    AddType font/opentype .woff
    AddType font/opentype .woff2
    AddType image/svg+xml .svg .svgz

    <FilesMatch ".(eot|ttf|otf|woff|woff2|svg|svgz)">
        Header set Access-Control-Allow-Origin "*"
    </FilesMatch>

You can read all about it from the link below.

Cross-Origin Resource Sharing (CORS)


what if I want to allow one controller to only abc.com and other controller to xyz.com?
Access-Control-Allow-Origin: http://your.com/controller1
Access-Control-Allow-Origin: http://your.com/controller2

Change your.com to your site and controller# to your controllers.