Support for CORS headers for subdomains


Active Member
I was reading this stack overflow answer today and wondering if something similar can be implemented with OLS.
Basically allowing CORS between a main domain and any subdomain.

In Apache, a possible answer is this:
SetEnvIf Origin ^(https?://.+\.mywebsite\.com(?::\d{1,5})?)$ CORS_ALLOW_ORIGIN=$1
Header append Access-Control-Allow-Origin %{CORS_ALLOW_ORIGIN}e env=CORS_ALLOW_ORIGIN
Header merge Vary "Origin"
but I'm guessing most of this is not supported by OLS.


Active Member
@Cold-Egg: are there variables available in context headers? The useful would probably be domain aliases.

I have a question about aliases actually. If I want to keep my front-end as and move wp-admin to, should I add as an alias in the virtual host config?


Active Member
Figured out that an alias would not be adequate as aliases are meant to use the same host name for everything. It also would not work because Wordpress hardcodes host names in a lot of locations.

I tried using a virtual host and it sort of works and then does not. First, I meant to say WP_SITEURL above, not WP_HOME. The problem is that having a different host name for WP_SITEURL creates a flow of issues with:
• Ajax requests
• REST API requests
• Security headers (including CORS)
• Authentication cookies
• Front-end page builders (like Elementor)
• Plugin licenses (usually associated with a particular host name)

so I'm not sure it's really a viable solution. I will take a look at WP multisite to see if that could be a solution (though I heard it comes with its own can of worms).