Send CORS headers if browsers request them. This enables CORS-enabled…

… images (@crossorigin). Closes h5bp#797.
zhj3618 · Nov 28, 2011 · 2727fa2 · 2727fa2
1 parent fdb58e6
commit 2727fa2
Showing 1 changed file with 17 additions and 1 deletion.
diff --git a/.htaccess b/.htaccess
@@ -38,7 +38,7 @@
 # Cross-domain AJAX requests
 # ----------------------------------------------------------------------
 
-# Serve cross-domain ajax requests, disabled.
+# Serve cross-domain Ajax requests, disabled by default.
 # enable-cors.org
 # code.google.com/p/html5security/wiki/CrossOriginRequestSecurity
 
@@ -47,6 +47,22 @@
 #  </IfModule>
 
 
+# ----------------------------------------------------------------------
+# CORS-enabled images (@crossorigin)
+# ----------------------------------------------------------------------
+
+# Send CORS headers if browsers request them; enabled by default.
+# developer.mozilla.org/en/CORS_Enabled_Image
+# blog.chromium.org/2011/07/using-cross-domain-images-in-webgl-and.html
+# hacks.mozilla.org/2011/11/using-cors-to-load-webgl-textures-from-cross-domain-images/
+
+<IfModule mod_setenvif.c>
+  <IfModule mod_headers.c>
+    SetEnvIf Origin ":" IS_CORS
+    Header set Access-Control-Allow-Origin "*" env=IS_CORS
+  </IfModule>
+</IfModule>
+
 
 # ----------------------------------------------------------------------
 # Webfont access