Close popover
David McPhail (DavidM07)

DavidM07 Member since 2015 1 post
Posted: April 8, 2016
Last activity: April 11, 2016

Relaxing Same Origin Policy on IAC

We are currently using Pega 7.1.7 in the cloud as well as IAC.  We are integrating Pega into a 3rd party based application. The application is working however we are getting errors in the JavaScript console related to the same origin policy, which are rightfully valid.

For instance:

XMLHttpRequest cannot load Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '' is therefore not allowed access.

pzpega_ui_backbone_1798164053!pzpega_ui_jstree_1188219908!pzpega_ui_designer_tree_bundle_12945517662!!.js:5 Uncaught SecurityError: Blocked a frame with origin "" from accessing a frame with origin "". Protocols, domains, and ports must match.

pzpega_ui_backbone_1798164053!pzpega_ui_jstree_1188219908!pzpega_ui_designer_tree_bundle_12945517662!!.js:5 Uncaught TypeError: Cannot read property 'start' of undefined

We would like to relax the same origin policy on the IAC instance by enabling cross-origin resource sharing (CORS). Specially, adding “” to the Access-Control-Allow-Origin header. See:


The application itself is working but we do not want these erros and would like the DOMSto be accessible by the iframes. Does Pega have any other clients that are doing this? What does Pega recommend?


User Experience
Moderation Team has archived post,
Close popover This thread is closed to future replies. Content and links will no longer be updated. If you have the same/similar Question, please write a new Question.