Discussion:
[chromium-discuss] Access-Allow-Origin Page breaks with sad smile
Vishal Koyalkar
2018-11-28 04:57:39 UTC
Permalink
We have a application which is exposed via IAC, which is getting loaded in iFrame of Domain 1, end user facing this issue as the details in the iFrame are expected to be deliverer by different domain 2. Chrome blocks this transaction as CROS issue.
we have gone through some on-line forums [ ref url listed below ] which says to add Access-Allow-Origin in the apache httpd config file. we seek chrome advise on this fix as our client is looking for an endorsement form the Product as in this fix should not cause other issue. also we want to knowhow we can have this method to only apply when the request/application is accessed from chrome.

Please help confirm the solution is ok to proceed

URL's: https://stackoverflow.com/questions/33168189/cors-not-working-on-chrome-firefox-and-apachehttps://stackoverflow.com/questions/13421463/htaccess-access-control-allow-origin
--
--
Chromium Discussion mailing list: chromium-***@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss

---
You received this message because you are subscribed to the Google Groups "Chromium-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-discuss+***@chromium.org.
PhistucK
2018-11-28 07:26:28 UTC
Permalink
As far as I know, iFrames are not subject to CORS, actually, so this is
probably not the issue here.

The log seems weird, though.
I guess that the 0 () error is for the iFrame, but I obviously cannot
confirm that, you will have to see what is the URL of that erroneous iFrame
(Chrome is not helpful in providing iFrame errors to the user) and see
which log entry corresponds to it.
0 () usually means it could not reach the URL, I think.

That 200 (OK) error is also a bit weird, but perhaps it has something to do
with the error that comes next (the blocking).

Also, your URL is wrongly secure (see the "Not secure" indication next to a
struck-through "https"). If the iFrame is also wrongly secure but you have
not gone to that domain by yourself (in a full tab) first and confirmed the
security warning, the iFrame will not show content from such domains. That
might be the issue here. Make sure your security configuration is valid on
both of the domains and see if the problem persists.

☆*PhistucK*
Post by Vishal Koyalkar
We have a application which is exposed via IAC, which is getting loaded in iFrame of Domain 1, end user facing this issue as the details in the iFrame are expected to be deliverer by different domain 2. Chrome blocks this transaction as CROS issue.
we have gone through some on-line forums [ ref url listed below ] which says to add Access-Allow-Origin in the apache httpd config file. we seek chrome advise on this fix as our client is looking for an endorsement form the Product as in this fix should not cause other issue. also we want to knowhow we can have this method to only apply when the request/application is accessed from chrome.
Please help confirm the solution is ok to proceed
URL's: https://stackoverflow.com/questions/33168189/cors-not-working-on-chrome-firefox-and-apachehttps://stackoverflow.com/questions/13421463/htaccess-access-control-allow-origin
--
--
http://groups.google.com/a/chromium.org/group/chromium-discuss
---
You received this message because you are subscribed to the Google Groups
"Chromium-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an
--
--
Chromium Discussion mailing list: chromium-***@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss

---
You received this message because you are subscribed to the Google Groups "Chromium-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-discuss+***@chromium.org.
Loading...