Cross-domain issue when trying to render a Polymer element on 3rd party site

[Kay]

So I was doing something like an embedded widget for our service, which offers a string like <script src="http://our-awesome-service.com/scripts/widget.js"></script> that users can take and embed on their own sites, blogs etc., and I encountered a problem that while trying to use the script to append a <link rel="import" href="http://our-awesome-service.com/templates/widget.html"> HTML import programatically on the user's site (say http://user-blog.com), the browser will show an access-control-allow-origin error saying that http://user-blog.com cannot access http://our-awesome-service.com/templates/widget.html

How do I handle this situation? Is it possible to only open CORS for this specific HTML file?

[Scott Miles]

>> How do I handle this situation? Is it possible to only open CORS for this specific HTML file?

Yes, but it's the responsibility of your server. The server must send CORS accept headers for whatever files you want to be able to serve cross-origin.

On Wed, Mar 5, 2014 at 12:56 PM, Kay <balancet...@gmail.com> wrote:

So I was doing something like an embedded widget for our service, which offers a string like <script src="http://our-awesome-service.com/scripts/widget.js"></script> that users can take and embed on their own sites, blogs etc., and I encountered a problem that while trying to use the script to append a <link rel="import" href="http://our-awesome-service.com/templates/widget.html"> HTML import programatically on the user's site (say http://user-blog.com), the browser will show an access-control-allow-origin error saying that http://user-blog.com cannot access http://our-awesome-service.com/templates/widget.html

How do I handle this situation? Is it possible to only open CORS for this specific HTML file?

Follow Polymer on Google+: plus.google.com/107187849809354688692
---
You received this message because you are subscribed to the Google Groups "Polymer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to polymer-dev...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/polymer-dev/261a1826-7397-4bd3-b937-fc6a9f059c55%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Eric Bidelman]

Please try not to cross-post. Scott was double helpful answering your question in both places :)

http://stackoverflow.com/questions/22209091/cross-domain-issue-when-trying-to-render-a-polymer-element-on-3rd-party-site

To view this discussion on the web visit https://groups.google.com/d/msgid/polymer-dev/CAHbmOLb06Qtqr4baFXWJ5Bz5oc1AJ0uhx5d93y91Q-FcaDEi2w%40mail.gmail.com.

[Kay]

Sorry, apparently the response speed is very fast it's enough to only post in one place =)

[Eric Bidelman]

:) We rock 60fps everywhere!

To view this discussion on the web visit https://groups.google.com/d/msgid/polymer-dev/2a81cfb2-7128-4915-9fec-b2a405f6f0c1%40googlegroups.com.

[binish....@pragtech.co.in]

Hello Scott,

We are trying to get-over cross domain issue using CORS in accessing Gmail contents to a CRM application (Gmail-CRM integration). Will you be able give us some inputs.

Issue: We are getting 'Insecure Response Alerts' when trying to call the CRM API from Gadget (Jquery based call).