Question Additionals headers: Access-Control-Allow-Origin for 2 domains

[Erwan]

Hi all,

We have a website with two domains (domain A and domain B (alias)).
We have errors with the "Access-Control-Allow-Origin" for domain B (javascript).

So, we have put this in the Additionals headers (plesk):
Header always set Access-Control-Allow-Origin: "https://www.domainA.com"

No error with the domain A but error with the domain B:
Access to XMLHttpRequest at 'https://www.domainA.com/wp-admin/admin-ajax.php?action=pll_xdata_get&redirect=...' from origin 'https://www.domainB.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://www.domainA.com' that is not equal to the supplied origin.

if we do the reverse, domain B works but not A.

I we put:
Header always set Access-Control-Allow-Origin: "*"
We have this error:
The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribut.

Question:
How can we have two domains in the Additionals headers with "Access-Control-Allow-Origin" ?

Thank you.

Erwan