You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description:
I am integrating the CleverTap Web SDK into my project, which operates with cross-origin isolation enabled. Unfortunately, the SDK is not functioning correctly due to missing headers in the API response. Specifically, the API does not return either of the following headers:
These headers are necessary to ensure that the SDK works on websites with cross-origin isolation enabled, which is required to comply with modern web security standards like COEP (Cross-Origin Embedder Policy).
Reference:
For more information on the importance of these headers and how they relate to cross-origin isolation, please refer to the official guidance from Google Chrome’s documentation: https://web.dev/articles/coop-coep#2_ensure_resources_have_corp_or_cors_enabled
These resources explain why cross-origin isolated environments require specific headers to be present to maintain security and data integrity.
Steps to Reproduce:
Enable cross-origin isolation on your website (e.g., by setting Cross-Origin-Embedder-Policy and Cross-Origin-Opener-Policy headers).
Integrate the CleverTap Web SDK.
Observe the errors in the console due to the missing headers in the API response.
Expected Behavior:
The CleverTap Web SDK should support cross-origin isolated environments by ensuring that the API response includes one of the necessary headers: Access-Control-Allow-Origin: * or Cross-Origin-Resource-Policy: cross-site.
Actual Behavior:
The SDK fails to operate correctly, and errors are thrown because the required headers are not present in the API response.
Suggested Solution:
Please modify the API response to include one of the following headers:
This change would allow the SDK to function correctly in cross-origin isolated environments.
Environment:
CleverTap Web SDK version: 1.9.0
Browser: Google Chrome, Microsoft Edge
Website with Cross-Origin Isolation enabled
Thank you for your attention to this matter. I look forward to your response.
The text was updated successfully, but these errors were encountered:
Description:
I am integrating the CleverTap Web SDK into my project, which operates with cross-origin isolation enabled. Unfortunately, the SDK is not functioning correctly due to missing headers in the API response. Specifically, the API does not return either of the following headers:
These headers are necessary to ensure that the SDK works on websites with cross-origin isolation enabled, which is required to comply with modern web security standards like COEP (Cross-Origin Embedder Policy).
Reference:
For more information on the importance of these headers and how they relate to cross-origin isolation, please refer to the official guidance from Google Chrome’s documentation:
https://web.dev/articles/coop-coep#2_ensure_resources_have_corp_or_cors_enabled
These resources explain why cross-origin isolated environments require specific headers to be present to maintain security and data integrity.
Steps to Reproduce:
Enable cross-origin isolation on your website (e.g., by setting Cross-Origin-Embedder-Policy and Cross-Origin-Opener-Policy headers).
Integrate the CleverTap Web SDK.
Observe the errors in the console due to the missing headers in the API response.
Expected Behavior:
The CleverTap Web SDK should support cross-origin isolated environments by ensuring that the API response includes one of the necessary headers: Access-Control-Allow-Origin: * or Cross-Origin-Resource-Policy: cross-site.
Actual Behavior:
The SDK fails to operate correctly, and errors are thrown because the required headers are not present in the API response.
Suggested Solution:
Please modify the API response to include one of the following headers:
This change would allow the SDK to function correctly in cross-origin isolated environments.
Environment:
CleverTap Web SDK version: 1.9.0
Browser: Google Chrome, Microsoft Edge
Website with Cross-Origin Isolation enabled
Thank you for your attention to this matter. I look forward to your response.
The text was updated successfully, but these errors were encountered: