Stack Overflow
Stack Overflow

Questions tagged [cross-domain-policy]

Cross-domain policy refers to the browser restrictions on script, stylesheet, and plugin execution across domains, protocols, and ports.

201 questions
46
votes
7 answers

Font Awesome icons not showing in Chrome, a MaxCDN related Cross-Origin Resource Sharing policy issue

just noticed on several websites that the font awesome icons aren's showing in Google Chrome. The console shows the following error: Font from origin 'http://cdn.keywest.life' has been blocked from loading by Cross-Origin Resource Sharing…
Yatko
  • 8,715
  • 9
  • 40
  • 46
39
votes
7 answers

.NET Core UseCors() does not add headers

This would be a duplicate of How does Access-Control-Allow-Origin header work?, but the method there also isn't working for me. I'm hoping I'm just missing something. I am trying to get a Access-Control-Allow-Origin header in my response from my…
David
  • 4,744
  • 5
  • 33
  • 64
33
votes
7 answers

How to call external url in jquery?

I am trying to put comments on Facebook wall using jquery. But my ajax call not alowing external url . can anyone explain how can we use external url with jquery ? below is my code : var…
user319198
25
votes
5 answers

Check if same origin policy applies

Is there a "safe" way to check if the same origin policy applies to an URL before actually trying to use ajax methods? Here is what I have: function testSameOrigin(url) { var loc = window.location, a = document.createElement('a'); …
David Hellsing
  • 106,495
  • 44
  • 176
  • 212
18
votes
1 answer

JavaScript access from parent domain to subdomain?

I've read that setting document.domain = "example.com" lets me access the parent domain from a subdomain. Will the same work the other way around? Let's say my main site is running under http://example.com. All API functions that I want to access…
Mark
  • 1,447
  • 2
  • 14
  • 26
17
votes
2 answers

Access-Control-Allow-Origin not working for iframe within the same domain

I'm trying to access an iframe within a subdomain and get a cross domain error. Here is the code of example.mydomain.com/iframe_test.html:
Edi
  • 969
  • 3
  • 9
  • 20
14
votes
1 answer

What is Firebase's cross-domain policy?

How does Firebase handle cross origin issues, and what are the underlying security concerns and how are they handled?
Rob DiMarco
  • 13,226
  • 1
  • 43
  • 55
12
votes
1 answer

Is there cross domain policy in a UIWebView?

I am loading html into a UIWebView from iOS local file system. That HTML page is requesting json data on our server. I can fetch the json data, so the question is, is there no cross domain policy in a UIWebView, or am I missing out something here?
user920041
10
votes
4 answers

Refused to get unsafe header "Location"

I have a website and my REST api server. I do ajax post request to the REST server to create new model. Answer for this request will be "HTTP/1.1 201 Created" response with header "Location: http://myapi.com/some/path/111" But I get error message…
Eugene Manuilov
  • 4,271
  • 8
  • 32
  • 48
10
votes
3 answers

Can't access an about:blank iframe in IE after the document.domain changes

Does anyone know of any workarounds to creating an about:blank iframe on a page in IE when the document.domain has changed? IE doesn't seem to allow access to empty/dynamic iframes after the document.domain property has been altered. For example,…
smithclay
  • 3,376
  • 1
  • 19
  • 25
8
votes
1 answer

HTML5 video doesn't play with crossOrigin="anonymous"

I am trying to integrate the HTML5 video player in my application. My video sources and the caption (for track tag) are coming from a different domain. When I use the
Adarsh Konchady
  • 2,577
  • 5
  • 30
  • 50
7
votes
1 answer

Is it possible to use HTML5's pushState() across multiple domains?

I have almost impossible problem, but I am hoping someone could come up with some working solution or workaround. I have a website where I use History.js to do on-demand page changes to prevent loading full page when clicking on links. My website…
Frodik
  • 14,986
  • 23
  • 90
  • 141
7
votes
1 answer

jQuery and Cross Domain POST Requests

I'm developing a jQuery plug-in that will be a connector for some REST API. The implementation is straight forward, but the same origin policy is definitely painfull. I need to perform mostly POST requests. I also tried to implement the OPTIONS…
Cesar
  • 4,418
  • 2
  • 31
  • 37
7
votes
1 answer

Google Apps script get Parent URL to iFrame in Javascript

I've searched many forums and am pretty confident this will be a no, but I thought I would open it up to the community just in case ;) I've been tasked with creating a tool on our Google Sites pages that records the visit times of our employees…
Nathaniel MacIver
  • 387
  • 1
  • 4
  • 21
6
votes
2 answers

Is it possible to set some http headers while http-redirect(302 or 307)?

Is it possible to set some http headers while http-redirect(302 or 307)?
4esn0k
  • 61
  • 1
  • 3
1
2 3
13 14