0

I have two sites https://site1.com (PHP site) and http://site2.com (PHP site). I have embedded the site1 inside site2 using iframe

<iframe  src="https://site1.com" seamless width='100%' height="700px" frameborder="0"></iframe>

Now the issue is I'm not able to log in to site2 which is inside an iframe and also some of the ajax requests responses are empty

This is working fine with the Firefox browser, facing this issue only in the google chrome browser

Any idea why is this happening ? are there any other alternative solutions I can implement?

Megha BM
  • 21
  • 1
  • 4
  • You're trying to serve https content on an http container. Not good. Both need to the be the same protocol – Kinglish Jun 24 '21 at 06:27
  • 3rd-party cookies being blocked by the browser is also something to look into. – CBroe Jun 24 '21 at 06:29
  • @Kinglish I also tried converting HTTP to HTTPS but still not able to login to the embedded site and this issue is only with chrome – Megha BM Jun 24 '21 at 06:45
  • @CBroe I have enabled 3rd-party cookies in the Chrome browser still the issue is not solved – Megha BM Jun 24 '21 at 07:06

1 Answers1

0

I had a similar problem to yours and I was able to fix my CORS issue following this MDN article CORS (MDN), see the section on Requests with credentials. There you'll find that you have to set the xhr options withCredentials. Here's the example they use:

var invocation = new XMLHttpRequest();
var url = 'http://bar.other/resources/credentialed-content/';

function callOtherDomain(){
  if(invocation) {
    invocation.open('GET', url, true);
    invocation.withCredentials = true;
    invocation.onreadystatechange = handler; // Needs to be implemented
    invocation.send(); 
  }
}
Dharman
  • 30,962
  • 25
  • 85
  • 135