How to allow origin header for multiple sites?

please consider using config.php instead of config.yaml:

<?php

return [

  'cors' => [

    'allowedOrigins' => in_array($_SERVER['HTTP_ORIGIN'], ['https://domainone.com', 'https://domaintwo.com']) 
                        ? $_SERVER['HTTP_ORIGIN'] : 'https://domainone.com'
  ]

];

if you use the php based configuration, then you’re more flexible (eg using env variables for dynamic config)

1 Like