I have one page hosted on one of my AEM server [0] and from another AEM server [1], I am getting this page in IFRAME. Issue is sometimes [0] gets loaded in [1] and sometimes not and shows CORS origin policy error. I am not getting this, if it is related to CORS Policy configuration, then why its not occurring always?
One thing which i noticed that When Page is loaded successfully, response header looks like this:
Accept-Ranges: bytes
Connection: Keep-Alive
Content-Length: 72090
Content-Type: text/html; charset=UTF-8
Date: Tue, 16 Jul 2019 16:50:46 GMT
ETag: "1199a-58dce3e14d28a"
Keep-Alive: timeout=60, max=100000
Last-Modified: Tue, 16 Jul 2019 15:43:47 GMT
Server: Apache/2.4.29 (Red Hat) OpenSSL/1.0.2k-fips Communique/4.2.2
And when it does not get load, it looks like:
Connection: Keep-Alive
Content-Type: text/html;charset=utf-8
Date: Tue, 16 Jul 2019 16:50:30 GMT
Keep-Alive: timeout=60, max=100000
Server: Apache/2.4.29 (Red Hat) OpenSSL/1.0.2k-fips Communique/4.2.2
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
[0]: https://www.cornerstones4care.com/get-real/sign-up.html
[1]: https://www.getrealaboutdiabetes.com/sign-up-for-diabetes-tips.html
You can check, in [1] there is iframe which is loading [0].
Please help.
Solved! Go to Solution.
Views
Replies
Total Likes
I guess that the difference comes from the fact, that the page might be cached or not. And some instance (probably AEM) does provide proper CORS headers, and if it's just delivered from dispatcher cache, these headers are not added properly. Can you validate my assumption?
If that's correct, you need to configure the dispatcher/webserver to add these headers.
Jörg
Views
Replies
Total Likes
Why do you have different pages being served from different AEM instances? For an AEM implementation, the best practice is for pages to be served from the same PUB instance.
Views
Replies
Total Likes
I guess that the difference comes from the fact, that the page might be cached or not. And some instance (probably AEM) does provide proper CORS headers, and if it's just delivered from dispatcher cache, these headers are not added properly. Can you validate my assumption?
If that's correct, you need to configure the dispatcher/webserver to add these headers.
Jörg
Views
Replies
Total Likes
You can try to bypass dispatcher and try to use/load the pages directly to isolate the scenario.
Views
Replies
Total Likes
Views
Likes
Replies
Views
Likes
Replies