.htaccess CORS queston

I am facing an issue that I am lost my skills are bad at this and I am lost in loop not sure what to try anymore.

I have installed a CORS proxy server (https://github.com/Athlon1600/php-proxy-app) to my server here (https://www.proxy.webdesign-flash.ro/) for a radio player that loads HTTP SHOUTcast on an SSL https secure domain so I need that but I want to limit access only to my domain so calls to this script have to be only allowed from my domain.

I’ve tried to add a .htaccess with Header set Access-Control-Allow-Origin https://www.webdesign-flash.ro/ but it dose not work, I have no idea what I am doing wrong.

Any help is appreciated it.

Thank you.


I use htaccess:

<IfModule mod_headers.c>
# Always set these headers.
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Max-Age "1000"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, Refresh, accept, client-security-token, Projectid"

# Added a rewrite to respond with a 200 SUCCESS on every OPTIONS request.
RewriteEngine On
RewriteRule ^(.*)$ $1 [R=200,L]

You can add your own headers.

Thank you for this but I want to restrict access only to my domain, so calles form ajax to this script to be allowed only if the script is called from my domain, if I add the header only to my domain it does not work at all.

Header always set Access-Control-Allow-Origin https://my-domain.com

Thank you.

The domain in quotation marks? You can share htaccess file?

This is how it looks Header set Access-Control-Allow-Origin https://webdesing-flash.ro

I am willing to pay for this so please any PHP developer that can help me with this let me k now it is driving me crazy.

So basically I have a php proy cors script that I only want to be allowed to be called via ajax from my domain.

Thank you.

Make sure that you have mod_headers enabled (a2enmod headers / service apache2 restart)

Then you can use :

<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "https://webdesing-flash.ro"

If you want to only allow AJAX calls, you also have to filter X-Requested-With: XMLHttpRequest (I think that you need to use SetEnvIfNoCase and Order Deny, Allow). Please note that any header information can be spoofed so this is not a secure option.

Please check here, click play do not change track https://www.webdesign-flash.ro/ht/rap/start/work.html#/player1?catid=0&trackid=21

I’ve added as you asked still it dose not work on the live stream.

Both links are working for me :



It did not worked for me not sure why.

I give up, wasted almost a week on this crap, I am exhausted.

Do you guys know any https shoutcast stream, I could not find any it seam that all Shoutcast streams are http.

Thank you.