0

I need load a page in a iframe or something like that, but, this page redirect to a login page that is in another domain, then, I have a cross-domain error!

The error is something like:

Failed to load https://otherdomain.com/159HBR321: Redirect from 
'https://otherdomain.com/159HBR321' to 
'https://thirddomain.com/home/login'
has been blocked by CORS policy: No 'Access-Control-Allow-Origin'
header is present on the requested resource. Origin 'null' is
therefore not allowed access.

I tried something like:

$(function(){
  $("#divId").load("https://otherdomain.com/159HBR321"); 
});
...
<div id="divId" style="display:none;"></div>

And tried with iframe:

<iframe src="https://otherdomain.com/159HBR321"></iframe>

I have a Java project, so I can solve this problem with Java or JS (JQuery, etc.).

But no success. Just a observation, I can't change anything on the otherdomain's server.

Any clue on how to solve this issue? Thanks in advance.

Improve this question
2
  • Possible duplicate of How to solve "Cross-Origin Request Blocked" error? Commented Jun 29, 2018 at 13:08
  • It's very similar, but I guess that my real problem is that the link calls another one (in a third domain). I tried this option but did not work. Commented Jun 29, 2018 at 14:02

1 Answer 1

Reset to default
1

Your browser in enforcing that rule, and it shouldn't allow you to violate it. The idea behind CORS is to prevent malicious code from grabbing credentials from a legitimate app and then accessing the the server.

The server has to send cross-origin headers. If the other domain isn't do that, then your browser won't let you access it.

There are browser plugins that add the headers for development purposes, but they are limited in their abilities and make your browser less secure when they are turned on. They certainly are not an option if other people are using your app.

The only good solution is to work with the other domain to get your domain white listed.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I see. It's what I'm afraid. Work with the other domains isn't a option, unfortunately. Maybe we'll need forget this idea and work in another.
Yeah, sounds like the other domain doesn't want to act as an authentication service. BTW, would you please "accept" my answer?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.