Am trying to configure a cross domain Content Server and ajax request for data, and single sign on.
I can setup so works for a Single cross domain server, but not mutlple, as Internet Explorer will allow following settings but Google Chrome will not unless full domain name.
So what works.
in Content Server - settings - Configure Security Parameters -
I have my domain address where ajax data reuest (example: https://servername.domain.site.com) coming from added to
Trusted Referring Websites and Trusted Cross Domains
In IIS (Internet Information Services 7) - have a website in default, set up for Single Sign On.
so content server at http://contentserver.domain.site.com/otcssso/llisapi.dll
Following settings on content server IIS, allow for ajax call to work:
in IIS HTTPS Header Response, added
Access-Control-Allow-Credentials = true
Access-Control-Allow-Origin = http://servername.domain.site.com
and website on http://servername.domain.site.com makes call to http://contentserver.domain.site.com/otcssso/llisapi.dll?....query parameters...
This works for Internet Explorer (10) and Google Chrome.
But what if I want multple cross domains to be allowed.
so first change is with Access-Control-Allow-Origin = https://*.domain.site.com
This works - but only for IE, because IE i am guessing cares less about security then Chrome.
Chrome throws that access-control-allow-Origin does not match origin is "https://servername.domain.site.com" and allowed is "https://*.domain.site.com"
So someone must have set this up before.
Is there a setting in IE that needs to send the referal to Content Server component. Content Server allows adding in multple Cross Domain locations.
IIS does not allow multple settings of Access-Control-Allow-Origin
A result on the internet does point to chaning the OptionsVerbHandler, but could not find reference on knowlage center.
Thanks for any assitance that can be provided.