How do I use Access-Control-Allow-Origin? Does it just go in between the html head tags?

There are 3 ways to allow cross domain origin (excluding jsonp): Set the header in the page directly using a templating language like PHP. Keep in mind there can be no HTML before your header or it will fail. Modify the server configuration file (apache.conf) and add this line. Note that “*” represents allow all. … Read more

Embedding Google Apps Script in an iFrame

Google had just recently enabled this feature. It has been under a ‘feature request’ status for quite a long time. Link here You can now explicitly define X-Frame-Options. To allow embedding under another domain, the option should be HtmlService.XFrameOptionsMode.ALLOWALL Google documentation on the subject: Example: function doGet() { return HtmlService.createTemplateFromFile(‘form.html’) .evaluate() // evaluate MUST … Read more

same-origin policy and CORS – what’s the point?

The important thing to note here is that if the user is signed in to a site and the request deletes a post by the user, then the following code will delete the user’s post: <script src=”″ /> This is called a CSRF/XSRF attack (cross-site request forgery). This is why most server-side web … Read more

Getting around same origin policy in javascript without server side scripts

As David Dorward mentioned, JSON-P is the simplest and fastest; however, there is another trick, specifically using two iframes. Two get around this issue without using JSONP, you can do the following. This technique assumes that you have some sort of development access to the parent page. There are three pages on two domains/sites. Parent … Read more

Using iframe with local files in Chrome

I’m sorry to say you that I’ve tried during weeks to solve this issue (I needed it for a project) and my conclusion is that it’s not possible. There are a lot of problems arround local access through javascript with chrome, and some of them can be solved using –allow-file-access-from-files and –disable-web-security, including some HTML5 … Read more

Uncaught DOMException: Blocked a frame with origin “http://localhost:8080” from accessing a cross-origin frame while listing the iframes in page

This error message… Uncaught DOMException: Blocked a frame with origin “http://localhost:8080” from accessing a cross-origin frame. …implies that the WebDriver instance blocked from accessing a cross-origin frame. Same-origin policy Same-origin policy : Same-origin policy restricts how a document or script loaded from one origin can interact with a resource from another origin. It is a … Read more