Hi. Here’s my scenario :
I have a page on the WIX site that has an HTML iFrame component. In this component, I have javascript code that fetches data from a third-party provider. The third-party provider whitelists the IP address for our Wix website (which we obtained from Wix) to allow the data fetch request through the 3rd party provider’s API. The fetched data is then transformed in some way and displayed in the html code in the same file.
A problem that I have is possibly a CORS problem where in the F12 console (i.e. Browser’s development tools) of a browser I get error message such as :
Failed to load https://www.myprovider.com/mypage.asp? id=123: Response to preflight request doesn’t pass access control check : No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘ https://static.fileuser.com ’ is therefore not allowed access.
Cross-Origin Read Blocking (CORB) blocked corss-original c7558c_b3aa9db669d166.html:3728 repsonse https://www.myprovider.com/mypage.asp? id=123 with MIME type text/xml. See https://www.chromestatus.com/feature/5829709824032768 for more details.
My questions are :
- The code in the html iframe component never contains “ https://static.fileuser.com ” in the code. Where does this come from?
- Our third party provider for the data can only whitelist IP addresses, NOT domains. How can I resolve the CORS problem?
Any help is appreciated.
P.S. I have also tried calling the 3rd party provider’s API from WixCode but it doesn’t work either.