Mixing domains, CORS and webgl problem

We have a WebGL build in one domain, when we try to download bundles and images from another domain, it result in an error.

We look into this documentation , and added the CORS to the domain: “Access-Control-Allow-Origin” : “*”. But the error persist.

For the download we are using WWW.

Error :
XMLHttpRequest cannot load domain1.co. No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://domain2.co’ is therefore not allowed access.

We are experiencing the same problem when accessing data from a subdomain.

Our .htaccess file has the following content:
Header add Access-Control-Allow-Origin “*”
Header always set Access-Control-Allow-Headers “Accept, X-Access-Token, X-Application-Name, X-Request-Sent-Time”
Header always set Access-Control-Allow-Methods “PUT, GET, POST, DELETE, OPTIONS”
Header always set Access-Control-Max-Age “1000”
Header always set Access-Control-Allow-Credentials “true”

When testing via: http://www.webconfs.com/http-header-check.php
We get a correct respons, showing that the configuration of .htaccess is correct.

Even adding the following to the PHP file didn’t seem to effect it.
header(“Access-Control-Allow-Origin: *”);

Tests shows that accessing the data from another domain, just via a plain PHP file, works fine.
So it seems the problem lies somewhere deeper inside of the javascript code that Unity generates.

You must put the headers in the server response.