CORS
An API generally doesn't want to restrict a request's origin. However, some things don't work well with a wildcard Access-Control-Allow-Origin: * header. The way around that is to mirror back the Origin that a client sends. This Apache config sets Access-Control-Allow-* headers when it receives an Origin header from a client, and mirrors the requested Origin back in the Access-Control-Allow-Origin header.
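
The following is an added example, not the original page's config. It shows the Origin-mirroring setup described above for unauthenticated endpoints, next to an allowlisted variant for endpoints that accept credentials, where mirroring an arbitrary Origin would let any site read authenticated responses. The paths /api/public and /api/private, the example.com hostnames, and the variable names CORS_ANY and CORS_TRUSTED are assumptions chosen for illustration.

```apache
# Added example; requires mod_setenvif and mod_headers.
# Paths, hostnames and variable names are placeholders, not from the page.

# Capture any Origin the client sends (the mirroring behaviour described above).
SetEnvIf Origin "^(.+)$" CORS_ANY=$1

# Capture the Origin only when it exactly matches a trusted front end.
# The pattern is anchored with ^ and $ and the dots are escaped, so
# lookalike hostnames do not match.
SetEnvIf Origin "^(https://(app|admin)\.example\.com)$" CORS_TRUSTED=$1

# Public, unauthenticated endpoints: mirror whatever Origin was sent.
<Location "/api/public">
    Header always set Access-Control-Allow-Origin "%{CORS_ANY}e" env=CORS_ANY
    Header always set Access-Control-Allow-Methods "GET, OPTIONS" env=CORS_ANY
    Header always set Access-Control-Allow-Headers "Content-Type" env=CORS_ANY
    # The response varies with the request's Origin, so caches must key on it.
    Header always merge Vary "Origin"
    # Access-Control-Allow-Credentials is deliberately not set here.
</Location>

# Endpoints that rely on cookies or HTTP auth: mirror only allowlisted origins.
<Location "/api/private">
    Header always set Access-Control-Allow-Origin "%{CORS_TRUSTED}e" env=CORS_TRUSTED
    Header always set Access-Control-Allow-Credentials "true" env=CORS_TRUSTED
    Header always set Access-Control-Allow-Methods "GET, POST, OPTIONS" env=CORS_TRUSTED
    Header always set Access-Control-Allow-Headers "Content-Type, Authorization" env=CORS_TRUSTED
    Header always merge Vary "Origin"
    # A request from any other Origin gets no Access-Control-Allow-* headers,
    # so the browser blocks the calling page from reading the response.
</Location>
```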