I currently use this which works perfectly in allowing cross-domain Ajax requests.
SetEnvIf Origin "^http(s)?://(.+\\.)?(my-specified-domain\\.com)$" origins_is=$0
Header add Access-Control-Allow-Origin %{origin_is}e env=origin_is�
Header add Access-Control-Allow-Credentials: true�
However, is it possible to do this without hard-coding the domain name?
I believe you can’t embed a variable inside SetEnv and I just can’t see a way to allow the alternative scheme, whatever domain you are hosting the site on.
Surely this is an obvious and essential requirement. Who wants to hard-code the domain every time?
Maybe the best way would be to match up against the ServerName setting (e.g. in the virtual host). If the URL matches that (regardless of scheme) then allow the cross-domain request.