2

I'm trying to test my website with Optimizely (a name of a tool allowing to create A/B tests etc). This tool tries to load my page inside an iframe and I get JS error: blocked a frame with origin "...optimizely..." from accessing a frame with origin "...my site..." protocols domains and ports must match.

I want to somehow allow optimizely to access my site and run the JS - what should I do?

  1. I read I can add an http-header to allow such access, but I can't find if I can define it to allow for a specific site (I don't want to create a security breach)

  2. I read something about window.postMessage but I guess I need to change code on both sides - and I won't be able to change Optimizely code

benams
  • 4,308
  • 9
  • 32
  • 74

1 Answers1

1

You can use Cross Origin Resource Sharing to allow other sites to download your content via AJAX (I hope it also works in your case). Here you have to use the header Access-Control-Allow-Origin with a list of all domains your site wants to provide access to. Example:

Access-Control-Allow-Origin: http://www.example-social-network.com

More information about CORS, you will find on the Wikipedia article: https://en.wikipedia.org/wiki/Cross-Origin_Resource_Sharing

Stephan Kulla
  • 4,739
  • 3
  • 26
  • 35