Some ways that come to mind:
- Force a redirect. Can be done even with
.htaccessor Javascript if you don’t control the domain. Might be a bad idea though if the website isn’t yours either. - Find out which domain the user is on from
window.location.hostnameand adjust your liveupdate url.- I think this may have some issues inside an
iframe. But in that case I guess you can control the domain? We had some relevant discussion here.
- I think this may have some issues inside an
- Make sure both ways of accessing the game are allowed through the
Access-Control-Allow-Originheader. Some more info on that:- Multiple values are not allowed on this header. You can set either one value, or a wildcard
*. - Using the wildcard is somewhat insecure, and only works with
GETrequests if I recall correctly. Should be fine for you if you’re just exposing a zip file. - You can also put the
.htaccessinside the liveupdate folder, so that any CORS headers you apply to that don’t spill out on the rest of the website. - The recommended way to allow a list of specific domains is to read the
ORIGINheader, and if it exists in your list of domains, set it on the header. An example for apache is here. Or if you don’t control the apache server maybe this example which shows how to do it with.htaccess.
- Multiple values are not allowed on this header. You can set either one value, or a wildcard
The last one is probably the least intrusive.