Hi Christer,
Thank you for contacting the IMA SDK Support team.
Since the app can serve the ad with no problems when opening the same page in Safari I can confirm that the integration of IMA SDK is correct.
Modern browsers apply same-origin security restrictions to JavaScript network requests, meaning that a web application running from one origin cannot retrieve data served from a different origin. The restriction poses problems for VAST served in a JavaScript environment because an ad server is often on a different domain than the ads player. However, Cross-Origin Resource Sharing (CORS) headers is a W3C recommendation that works around this restriction by allowing sharing across different origins.
To avoid cross-origin problems, VAST ad server responses to requests made by the SDK must include the following HTTP CORS headers:
Access-Control-Allow-Origin: <origin header value>
Access-Control-Allow-Credentials: true
For further instructions on enabling CORS, see Enable cross-origin resource sharing.
![]() |
IMA SDK Team |