CORS with iFrame

  • drupalpress

    (@drupalpress)


    8 years ago

    A site I help out with for a company that offers training/safety courses for contractors uses a third-party scheduling system to handle their registrations. The course schedule gets iFramed in and is just accessible via a subdomain “secure.domain.com”. Recently, they split the site into two websites (two separate domains) to handle courses in two different states.

    The company that does the scheduling wanted me to enable CORS so that they could identify which location is accessing the schedule to serve the right one. At this point I’ve tried enabling CORS through the .htaccess, functions.php, and the http headers plugin. All 3 enable CORS and I can see the allow-origin response header for files and scripts but it’s not being returned on the iFrame for the class schedule which is the object they need it to be on.

    I’ve never dealt with CORS before, I get the gist of it, but at this point I’m starting to think it’s not something I’m doing incorrectly and it’s something they need to do on their end since I can see the appropriate response headers on everything besides their iFrame. Anyone have any experience or advice with this?

Viewing 1 replies (of 1 total)
  • Moderator bcworkz

    (@bcworkz)

    7 years, 11 months ago

    Sorry for the slow reply. I hope you’ve solved this by now, but here’s my 2 cents worth in any case:

    Serving dynamic iframe content based on referrer is not the purpose of CORS. I suppose the server can read the origin header, but the expected HTML content type response is not allowed in CORS, so this cannot be a formal CORS transaction. There is no need to use CORS to determine the referrer, it’s part of every HTTP request. I’m assuming the iframe request is as normal, a result of the iframe src attribute, and there is no scripting involved in making the request.

Viewing 1 replies (of 1 total)

The topic ‘CORS with iFrame’ is closed to new replies.

Tags