Access-Control-Allow-Origin wildcard subdomains, ports and protocols

#1
I'm trying to enable CORS for all subdomains, ports and protocol.
Typically, I'd like to enable request from origins matching (and limited to):
//*.mywebsite.com:*/*

Just like the guy below :
The same issue with Apache

They have found a way to make it work for the Apache, But what about litespeed 's rewrite rule ?
Still like the same ?

SetEnvIf Origin ^(https?://.+\.mywebsite\.com(?::\d{1,5})?)$ CORS_ALLOW_ORIGIN=$1
Header append Access-Control-Allow-Origin %{CORS_ALLOW_ORIGIN}e env=CORS_ALLOW_ORIGIN
Header merge Vary "Origin"


should this rule in .htaccess file with litespeed/OLS work ?
Or should it need to reform ? or Is there any way to make the same function by using the multiple header?
 
#2
I know that if we set the follow directives in header operation of parent domain host, than it should work for subdomains ,but this is open up your servers bandwidth to resource thieves / hot-link-er types. It's unsafe.

Access-Control-Allow-Origin *

or

set Access-Control-Allow-Origin: *

Can anybody suggest a better header operation directives or rules work with litepseed/OLS ?
 
Top