Skip to main content

On Sale: GamesAssetsToolsTabletopComics
Indie game storeFree gamesFun gamesHorror games
Game developmentAssetsComics
SalesBundles
Jobs
TagsGame Engines

Qs about CORS and adding headers in .htaccess file on remote server

A topic by UnicorMaid Frankenstein created May 03, 2021 Views: 880
Viewing posts 1 to 1
(6 edits)

So i got my cross origin resource sharing working with my HTML5 app on itch.io  by putting a .htmaccess file in my source folder on my server.

But now I have some related questions.

My .htaccess file (on my server) looks like this:

Header add Access-Control-Allow-Origin "*"

Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"

Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"


This totally works, but it seems like the wildcard is pretty wide open, and it would be better to give access to  itch.io specifically. What should that look like?  I see it should be a reference to the itch.io domain some how... perhaps something like-  Header add Access-Control-Allow-Origin  "https://itch.io"   -or-    Header add Access-Control-Allow-Origin "https://itch.zone"   -or-    Header add Access-Control-Allow-Origin ">https://itch.zone"  -or-  Header add Access-Control-Allow-Origin "https://v6p9d9t4.ssl.hwcdn.net/"   -or-     Header add Access-Control-Allow-Origin "https://MyUserName.itch.io"   ?     I guess I mean to ask,  what is the itch domain i should  list to allow CORS?  And doing that would mean only listed URLs would have access.                                    And some documentation says "set" instead of "add"    -  does it matter?

Next, in that methods section  should I really have -PUT, GET, POST, DELETE, OPTIONS -  all listed?  is it better just to have GET and POST if that is all i am using?  That is to say, it seems that I am  potentially giving a lot of control to anyone who can find these files.  

Finally,  once I GET a url , the browser seems to hold that data for some time before it changes on reload, even if i change the file.  Is there a way to clear that data from the browser?  Where is it stored?  It seems to update on its own eventually...

Hopefully these questions are not too simplistic, but exploring this is quite interesting. It is a bit tough to explore, because it seems to take quite some time before the .htaccess changes (and also the  GET data) take effect.   Probably a non- itch issue,  but perhaps someone(s) can help me  understand more


Thanks!

UMF

This topic has been auto-archived and can no longer be posted in because there haven't been any posts in a while.