benams

Reputation: 4646

How to allow cross scripting for a specific site?

I'm trying to test my website with Optimizely (the name of a tool that lets you create A/B tests, etc.). This tool tries to load my page inside an iframe and I get a JS error: blocked a frame with origin "...optimizely..." from accessing a frame with origin "...my site..." protocols domains and ports must match.

I want to somehow allow Optimizely to access my site and run the JS - what should I do?

  1. I read I can add an HTTP header to allow such access, but I can't find whether I can define it to allow a specific site (I don't want to create a security breach).

  2. I read something about window.postMessage but I guess I need to change code on both sides - and I won't be able to change Optimizely code

Upvotes: 2

Views: 6745

Answers (1)

Stephan Kulla

Reputation: 5067

You can use Cross Origin Resource Sharing to allow other sites to download your content via AJAX (I hope it also works in your case). Here you have to use the header Access-Control-Allow-Origin with a list of all domains your site wants to provide access to. Example:

Access-Control-Allow-Origin: http://www.example-social-network.com

You will find more information about CORS in the Wikipedia article: https://en.wikipedia.org/wiki/Cross-Origin_Resource_Sharing

Upvotes: 1
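
An added example, not part of the answer above: Access-Control-Allow-Origin carries a single origin (or `*`), so a server that wants to allow only specific sites compares the request's Origin header against an exact allowlist and echoes it back on a match. The origins and function names below are constructed for illustration.

```javascript
// Constructed allowlist: the one origin that may read responses cross-origin.
const ALLOWED_ORIGINS = new Set(["https://app.partner.example"]);

// Weak variant, shown for contrast: suffix matching also accepts
// look-alike hosts and plain-http origins.
function weakIsAllowed(origin) {
  return typeof origin === "string" && origin.endsWith("partner.example");
}

// Strict variant: exact string match on scheme, host and port.
function isAllowed(origin) {
  return typeof origin === "string" && ALLOWED_ORIGINS.has(origin);
}

// Build the CORS response headers for one request.
function corsHeaders(requestOrigin, check = isAllowed) {
  // Vary: Origin keeps shared caches from serving one origin's
  // response (with its allow header) to a different origin.
  const headers = { Vary: "Origin" };
  if (check(requestOrigin)) {
    // Echo the single matching origin; never "*" for a private resource.
    headers["Access-Control-Allow-Origin"] = requestOrigin;
  }
  return headers;
}

// Node-style handler (req, res) using the strict check.
function handle(req, res) {
  for (const [k, v] of Object.entries(corsHeaders(req.headers.origin))) {
    res.setHeader(k, v);
  }
  res.end("ok");
}

// Constructed sample Origin values.
const samples = [
  "https://app.partner.example",
  "https://notpartner.example",
  "http://app.partner.example",
  undefined,
];
for (const o of samples) {
  console.log(o, "strict:", isAllowed(o), "weak:", weakIsAllowed(o));
}
```

This header only controls whether scripts on the allowed origin may read responses fetched with XHR or fetch; it does not relax the frame-to-frame access check behind the error quoted in the question.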
