Configure CORS to allow cross-origin requests to Control Panel URLs from hosted web pages

I have use-case where I want JavaScript ajax calls from web sites hosted on a Nation to access control panel URLs (for the same nation). However, as the web sites are on custom domains, these are currently blocked by the browser's Same Origin policy. I think that all is required is for the server to set an "Access-Control-Allow-Origin" header that includes the custom domains hosted by the Nation. I note there are other requests related to CORS.

not planned

For security purposes we intentionally separate the front facing site from the control panel. The way these two things are connected is through forms and Liquid. If you are finding that you are unable to surface data or intake data through either of those two options, please leave suggestions related to what you are specifically trying to do in the comments. Thank you.

Official response from

Share this post

Showing 2 reactions

How would you tag this suggestion?
Please check your e-mail for a link to activate your account.