Wildcard * in Access-Control-Headers

[maik.m...@softgames.de]

Hi,

i am implementing the ima-sdk for usage with a video ad partner. When i run the ima-sdk with his VAST-Tag i get this error:

A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://imasdk.googleapis.com' is therefore not allowed access.

Demo here: http://sg-ima.s3-website-us-east-1.amazonaws.com/flappy-bird/?platform=sandbox&showAdPreroll=true&bannerIdPrerollAdPopup=387

I contacted my partner to remove the wildcard in the response header, but they insist, that the player-side has to solve the problem. Can you give me a hint here, how to proceed with errors like this?

Since i am not requesting the video in my code and i am not delivering the response by my self, i am stuck in the middle.

I remember on earlier versions, that the ima sdk was trying the request again without credentials. But no more.

Thanks a lot for your effort.

Maik

[Shawn Busolits (IMA SDK Team)]

Hey Maik,

Unfortunately this isn't something specific to the player or even the player side of the equation - this is a web security standard that the server is violating. The server sending the response is setting the header flag for credentials to true and also using a wildcard in the access-control-alow-origin field, which is not allowed by the standard. This is indeed something they will need to fix on their side.

Thanks,

Shawn Busolits

IMA SDK Team

[maik.m...@softgames.de]

Hi Shawn,

thanks for your help! I'll try to solve it on the other end.

Best,

Maik