Jump to content

Setting CORS Header of Invision site


Jim_K

Recommended Posts

I have an invision site (e.g. forum.mysite.com) and I want to enable it's forum RSS feed to be read by javascript inside the browser of a page on another site: other.mysite.com.  To do this requires that the invision site set the `Access-Control-Allow-Origin: other.mysite.com`.  Is this possible via configuration of the invision site?  Note that I'm using the hosted solution from invision.

Link to comment
Share on other sites

ACP > System > Settings > Advanced Configuration

Under the "Server Environment" tab is a section called "Security".

Could contain: Page, Text, File, Webpage

After you make this change, you may need to clear your system cache and for any guests accessing the site, you may need to wait 15 minutes for any pages cached by the CiC CDN to clear.  

Make sure you fully trust this other site as this makes it possible for it to do some rather nasty things if that other site is compromised or anything similar.  

Link to comment
Share on other sites

Hi @Randy Calvert.  Thank you for the response.  I see that this allows one to set the Content-Security-Policy HTTP header (a.k.a CSP), but there does not seem to be any way to set the Access-Control-Allow-Origin HTTP header (a.k.a. CORS).  This is slightly different.

Link to comment
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...