Setting CORS Header of Invision site

[Jim_K]

I have an invision site (e.g. forum.mysite.com) and I want to enable it's forum RSS feed to be read by javascript inside the browser of a page on another site: other.mysite.com.  To do this requires that the invision site set the `Access-Control-Allow-Origin: other.mysite.com`.  Is this possible via configuration of the invision site?  Note that I'm using the hosted solution from invision.

[Randy Calvert]

ACP > System > Settings > Advanced Configuration

Under the "Server Environment" tab is a section called "Security".

After you make this change, you may need to clear your system cache and for any guests accessing the site, you may need to wait 15 minutes for any pages cached by the CiC CDN to clear.  

Make sure you fully trust this other site as this makes it possible for it to do some rather nasty things if that other site is compromised or anything similar.  

[Jim_K]

Hi @Randy Calvert.  Thank you for the response.  I see that this allows one to set the Content-Security-Policy HTTP header (a.k.a CSP), but there does not seem to be any way to set the Access-Control-Allow-Origin HTTP header (a.k.a. CORS).  This is slightly different.

[Jim_K]

@Randy Calvert  @Marc Stridgen

Any ideas about how do might generally solve this?

Could we put Cloudflare in front of the forum and have it set custom headers?

Could we host Invision on our own server and modify its source code?

[Marc Stridgen]

Ive tagged devs on this to see if this is possible to do. 

In terms of hosting invision yourself, you would need a classic license in order to do this