I have 2 websites running as 'abc.example.net' & 'xyz.example.net'. if i make a ajax call 'abc.example.net/product/ajax/list' from 'abc.example.net' its working fine. if i make a ajax call 'xyz.example.net/product/ajax/list' from 'xyz.example.net' its working fine. but if i try to call 'xyz.example.net/product/ajax/list' from 'abc.example.net' i'm getting 302.
I have tried :
add_header Access-Control-Allow-Origin '*';
listen 10.30.30.107:85;
root "D:\ui\builds";
index index.php index.html;
log_not_found off;
charset utf-8;
server_tokens off;
access_log logs\abc.com-access.log;
add_header Access-Control-Allow-Credentials true;
set $cors null;
if ($http_origin ~* (.*\.example.net)){set $cors $http_origin;}
add_header 'Access-Control-Allow-Origin' $cors;
add_header Strict-Transport-Security "max-age=31536000";
add_header Content-Security-Policy "frame-ancestors 'self' http://*.example.net";
add_header X-XSS-Protection 1;
}
I want the list ajax call to return all the expected result.(successful execution of api)
