How do you set CORS headers?

[Taylor Johnson]

I have an html5 video player that is throwing 400 errors because the ad server is not properly setting CORS headers. Who can I contact to update this setting on the ad server? Thanks.

[Binny Patel (IMA SDK Team)]

Hi Taylor,

You can configure an allow-origin header to a specific domain (CORS) and set the credentials flag to false as such. 

Access-Control-Allow-Origin: <origin header value>     

Access-Control-Allow-Credentials: true

Talk to your network admin in having these changes set up. Let us know if you have any other questions.

Thanks,

Binny Patel

IMA SDK Team

[Taylor Johnson]

Hi Binny,

Attached is a screenshot of the 400 error we're getting. Since the problem is resource sharing between ad.double.click.net and imasdk.googleapis.com, I'm pretty sure this is out of our hands. I double checked with our siteops to confirm and they agree. Are you sure you cannot set this on your end? Thanks!

--
You received this message because you are subscribed to a topic in the Google Groups "Interactive Media Ads SDK" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ima-sdk/_5_-y_ovrJM/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ima-sdk+u...@googlegroups.com.
To post to this group, send email to ima...@googlegroups.com.
Visit this group at https://groups.google.com/group/ima-sdk.
For more options, visit https://groups.google.com/d/optout.

[Binny Patel (IMA SDK Team)]

Hi Taylor,

Thanks for that screenshot. To troubleshoot, can you provide me an ad tag or a live page?     

Thanks,

Binny Patel

IMA SDK Team

[Taylor Johnson]

Unfortunately, we do not have a live page you can access because this is still currently in development. I'm not sure what you mean by ad tag, but attached is a screenshot of the request headers from the network tab in dev tools. Please let me know if I can get you anything else. Thanks!

To unsubscribe from this group and all its topics, send an email to ima-sdk+unsubscribe@googlegroups.com.

[Binny Patel (IMA SDK Team)]

Hi Taylor,

• Are you using a localhost for your implementation? 
• Here is a sample ad tag. Let us know if you can share yours with us so we can take a further look.

Thanks,

Binny Patel

IMA SDK Team

[Taylor Johnson]

1.) Yes, we are using www.local.doctoroz.com which resolves to our localhost.

2.) I cannot provide an ad tag because there is no response fro mthe ad request being made. It's both blocked by the CORS issue and returning a blank response. More screenshots attached.

To unsubscribe from this group and all its topics, send an email to ima-sdk+unsubscribe@googlegroups.com.

[Vu Chau (IMA SDK Team)]

Thanks, Taylor.

It looks like https://ad.doubleclick.net/pfadx/sony.oz.opus/embed;dc_sdkv=h.3.138.3;dc_sdki=5;dc_adk=3751743708;dc_frm=0;dc_osd=2;dc_srd=1;dcmt=text/xml;mpt=brightcove/player-ht;mpv=2.11.1;ord=1470331061868 is the ad tag in question.  I requested that in the Video Suite Inspector and was able to see the blockage.  What that tells us is this is not a local issue, since we also saw it on our end.

I'm going to ask you to try to generate and use another ad tag.  This time, try not to use any option on DFP that makes use of imasdk.googleapis.com during transit (i.e. when the tag is requested).  That domain is not necessary to the workflow, which is why the CORS header on it isn't set.  So if a tag makes use of the domain at some point in the process, it would run into CORS.

Just to complete the picture, most of the times we saw users accidentally choosing to include the VPAID adapter when generating their ad tags. The adapter is located at https://imasdk.googleapis.com/js/sdkloader/vpaid_adapter.js?adTagUrl=, which makes use of the imasdk.googleapis.com domain.  Since most use cases really don't need this adapter, we told them to leave it out in order to prevent CORS.

Let us know if you have any questions,

Vu Chau

IMA SDK Team