How to Enable CORS for multiple domains in PHP

In this tutorial we will explain how to permit CORS requests for multiple origins in PHP.

To get the response from a simple cross-origin POST request, we need to include the header Access-Control-Allow-Origin. The specification of Access-Control-Allow-Origin allows for multiple origins, or the value null, or the wildcard *.


Access-Control-Allow-Origin: *
Access-Control-Allow-Origin: null

Check the following code to enable CORS for multiple domains.

$allowedOrigins = [
   '' ,
   '' ,

if(in_array($_SERVER['HTTP_ORIGIN'], $allowedOrigins))
	$http_origin = $_SERVER['HTTP_ORIGIN'];
} else {
	$http_origin = "";
header("Access-Control-Allow-Origin: $http_origin");

In the above code, we have taken an array of multiple domains which we want to allow in Access-Control-Allow-Origin.

Use the $_SERVER['HTTP_ORIGIN'] variable to verify which domain the request comes from and then conditionally set the Access-Control-Allow-Origin.

31-August 12:00 AM 1294 Views

 Prev question

Next question