Uncaught SecurityError: Blocked a frame with origin "http://www.cnn.com" from accessing a frame with origin "http://market-research-services.com". The frame requesting access set "document.domain" to "cnn.com", but the frame being accessed did not. Both must set "document.domain" to the same value to allow access.
I have looked at many posts on this subject, e.g.
- How to circumvent same-origin policy for a 3rd party https site? http://stackoverflow.com/questions/7680776/how-to-circumvent-same-origin-policy-for-a-3rd-party-https-site
- Cross-Origin Resource Sharing http://www.w3.org/TR/cors/
My understanding at this time based on these posts is that I should be able to correct this via the following .htaccess code:
- Code: Select all
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Headers "*"
Header set Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
Header set Access-Control-Allow-Credentials true
But I must be missing something, because it isn't working yet.
I have set up a tiny test case at this URL, using CNN.com in the iframe for example purposes:
http://market-research-services.com/Temporary/same_site_origin_anomaly.html
The .htaccess file in that "Temporary" folder contains the following:
- Code: Select all
<IfModule mod_rewrite.c>
RewriteEngine on
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Headers "*"
Header set Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
Header set Access-Control-Allow-Credentials true
</IfModule>
However, I am still getting the Uncaught SecurityError message in the browser console.
How can I correct the .htaccess file to allow javascript to run inside the iframe?
Thanks very much in advance to all for any info!