Description:
I am integrating the CleverTap Web SDK into my project, which operates with cross-origin isolation enabled. Unfortunately, the SDK is not functioning correctly due to missing headers in the API response. Specifically, the API does not return either of the following headers:
These headers are necessary to ensure that the SDK works on websites with cross-origin isolation enabled, which is required to comply with modern web security standards like COEP (Cross-Origin Embedder Policy).
Reference:
For more information on the importance of these headers and how they relate to cross-origin isolation, please refer to the official guidance from Google Chrome’s documentation:
https://web.dev/articles/coop-coep#2_ensure_resources_have_corp_or_cors_enabled
These resources explain why cross-origin isolated environments require specific headers to be present to maintain security and data integrity.
Steps to Reproduce:
Enable cross-origin isolation on your website (e.g., by setting Cross-Origin-Embedder-Policy and Cross-Origin-Opener-Policy headers).
Integrate the CleverTap Web SDK.
Observe the errors in the console due to the missing headers in the API response.
Expected Behavior:
The CleverTap Web SDK should support cross-origin isolated environments by ensuring that the API response includes one of the necessary headers: Access-Control-Allow-Origin: * or Cross-Origin-Resource-Policy: cross-site.
Actual Behavior:
The SDK fails to operate correctly, and errors are thrown because the required headers are not present in the API response.
Suggested Solution:
Please modify the API response to include one of the following headers:
This change would allow the SDK to function correctly in cross-origin isolated environments.
Environment:
CleverTap Web SDK version: 1.9.0
Browser: Google Chrome, Microsoft Edge
Website with Cross-Origin Isolation enabled
Thank you for your attention to this matter. I look forward to your response.
Description: I am integrating the CleverTap Web SDK into my project, which operates with cross-origin isolation enabled. Unfortunately, the SDK is not functioning correctly due to missing headers in the API response. Specifically, the API does not return either of the following headers:
These headers are necessary to ensure that the SDK works on websites with cross-origin isolation enabled, which is required to comply with modern web security standards like COEP (Cross-Origin Embedder Policy).
Reference: For more information on the importance of these headers and how they relate to cross-origin isolation, please refer to the official guidance from Google Chrome’s documentation: https://web.dev/articles/coop-coep#2_ensure_resources_have_corp_or_cors_enabled These resources explain why cross-origin isolated environments require specific headers to be present to maintain security and data integrity.
Steps to Reproduce: Enable cross-origin isolation on your website (e.g., by setting Cross-Origin-Embedder-Policy and Cross-Origin-Opener-Policy headers). Integrate the CleverTap Web SDK. Observe the errors in the console due to the missing headers in the API response.
Expected Behavior: The CleverTap Web SDK should support cross-origin isolated environments by ensuring that the API response includes one of the necessary headers: Access-Control-Allow-Origin: * or Cross-Origin-Resource-Policy: cross-site.
Actual Behavior: The SDK fails to operate correctly, and errors are thrown because the required headers are not present in the API response.
Suggested Solution: Please modify the API response to include one of the following headers:
This change would allow the SDK to function correctly in cross-origin isolated environments.
Environment: CleverTap Web SDK version: 1.9.0 Browser: Google Chrome, Microsoft Edge Website with Cross-Origin Isolation enabled Thank you for your attention to this matter. I look forward to your response.