Is there a way to allow multiple cross-domains using the Access-Control-Allow-Origin header?
I’m aware of the *, but it is too open. I really want to allow just a couple domains.
As an example, something like this:
Access-Control-Allow-Origin: http://domain1.example, http://domain2.example
I have tried the above code but it does not seem to work in Firefox.
Is it possible to specify multiple domains or am I stuck with just one?