please consider using config.php
instead of config.yaml
:
<?php
return [
'cors' => [
'allowedOrigins' => in_array($_SERVER['HTTP_ORIGIN'], ['https://domainone.com', 'https://domaintwo.com'])
? $_SERVER['HTTP_ORIGIN'] : 'https://domainone.com'
]
];
if you use the php based configuration, then you’re more flexible (eg using env variables for dynamic config)