2 replies

Is this is valid Access-Control-Allow-Origin?

This is my http endpoint return:

    return new Response(null, {
      status: 200,
      headers: new Headers({
        "Access-Control-Allow-Origin": "*.xyz.com",
      }),
    });

    return new Response(null, {
      status: 200,
      headers: new Headers({
        "Access-Control-Allow-Origin": "*.xyz.com",
      }),
    });

    return new Response(null, {
      status: 200,
      headers: new Headers({
        "Access-Control-Allow-Origin": "*.xyz.com",
      }),
    });

    return new Response(null, {
      status: 200,
      headers: new Headers({
        "Access-Control-Allow-Origin": "*.xyz.com",
      }),
    });

Would this be valid?

"Access-Control-Allow-Origin": "*.xyz.com"

"Access-Control-Allow-Origin": "*.xyz.com"

"Access-Control-Allow-Origin": "*.xyz.com"

"Access-Control-Allow-Origin": "*.xyz.com" ? If not, is there a workaround?
Sorry, too lazy to test myself.