An answer on SO to the same nice - and following guidelines - question but for Apache, how to set Access-Control-Allow-Origin entry header for multiple origin domains deals with .htaccess, checking from a list of allowed origins and returning the specific value:
<IfModule mod_headers.c>
SetEnvIf Origin "<regex-matching-allowed-origin-domains>" \
AccessControlAllowOrigin=$0
Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e \
env=AccessControlAllowOrigin
Header merge Vary Origin
</IfModule>
Is there a way to do the same configuration for Tomcat, rather than allowing from any origin as shown below ?
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
