So i got my cross origin resource sharing working with my HTML5 app on itch.io by putting a .htmaccess file in my source folder on my server.
But now I have some related questions.
My .htaccess file (on my server) looks like this:
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
This totally works, but it seems like the wildcard is pretty wide open, and it would be better to give access to itch.io specifically. What should that look like? I see it should be a reference to the itch.io domain some how... perhaps something like- Header add Access-Control-Allow-Origin "https://itch.io" -or- Header add Access-Control-Allow-Origin "https://itch.zone" -or- Header add Access-Control-Allow-Origin ">https://itch.zone" -or- Header add Access-Control-Allow-Origin "https://v6p9d9t4.ssl.hwcdn.net/" -or- Header add Access-Control-Allow-Origin "https://MyUserName.itch.io" ? I guess I mean to ask, what is the itch domain i should list to allow CORS? And doing that would mean only listed URLs would have access. And some documentation says "set" instead of "add" - does it matter?
Next, in that methods section should I really have -PUT, GET, POST, DELETE, OPTIONS - all listed? is it better just to have GET and POST if that is all i am using? That is to say, it seems that I am potentially giving a lot of control to anyone who can find these files.
Finally, once I GET a url , the browser seems to hold that data for some time before it changes on reload, even if i change the file. Is there a way to clear that data from the browser? Where is it stored? It seems to update on its own eventually...
Hopefully these questions are not too simplistic, but exploring this is quite interesting. It is a bit tough to explore, because it seems to take quite some time before the .htaccess changes (and also the GET data) take effect. Probably a non- itch issue, but perhaps someone(s) can help me understand more
Thanks!
UMF