Jim_K Posted February 13 Posted February 13 I have an invision site (e.g. forum.mysite.com) and I want to enable it's forum RSS feed to be read by javascript inside the browser of a page on another site: other.mysite.com. To do this requires that the invision site set the `Access-Control-Allow-Origin: other.mysite.com`. Is this possible via configuration of the invision site? Note that I'm using the hosted solution from invision.
Randy Calvert Posted February 13 Posted February 13 ACP > System > Settings > Advanced Configuration Under the "Server Environment" tab is a section called "Security". After you make this change, you may need to clear your system cache and for any guests accessing the site, you may need to wait 15 minutes for any pages cached by the CiC CDN to clear. Make sure you fully trust this other site as this makes it possible for it to do some rather nasty things if that other site is compromised or anything similar. Marc 1
Jim_K Posted February 14 Author Posted February 14 Hi @Randy Calvert. Thank you for the response. I see that this allows one to set the Content-Security-Policy HTTP header (a.k.a CSP), but there does not seem to be any way to set the Access-Control-Allow-Origin HTTP header (a.k.a. CORS). This is slightly different.
Jim_K Posted February 14 Author Posted February 14 @Randy Calvert @Marc Stridgen Any ideas about how do might generally solve this? Could we put Cloudflare in front of the forum and have it set custom headers? Could we host Invision on our own server and modify its source code?
Marc Posted February 15 Posted February 15 Ive tagged devs on this to see if this is possible to do. In terms of hosting invision yourself, you would need a classic license in order to do this
Recommended Posts