Bug #21822
closedGC library embedded site cross-scripting
0%
Description
We got this report from Stephen Klein at the GC Library. It seems that their site
Has this Commons site embedded in it: https://gclibrary.commons.gc.cuny.edu/
I couldn't tell where exactly at first, but it seems to be right above the footer, from my basic usage of View Source and Inspector. There is this block of code there, under two-panel section for Featured Collection and Featured Video:
<div id='news' class='news-section rss-feed row col-xxl-8 col-md-12'>
<script id="news-template" type="x-tmpl-mustache">
<h3 class='lower-header'><a href='https://gclibrary.commons.gc.cuny.edu/'>News & Views</a></h3>
<ul class='news'>
{{#items}}
<li><img src='{{image}}'/><h4><a href="{{link}}">{{title}}</a></h4><p>{{shortBodyWithDots}}</p></li>
{{/items}}
</ul>
</script>
</div>Stephen is reporting that since the Commons migration to Reclaim the Commons site is not appearing. A message is returned:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://gclibrary.commons.gc.cuny.edu/category/blog/website-front-page/feed/?fsk=5c1146bca3512. (Reason: CORS header ‘Access-Control-Allow-Origin’ does not match ‘chineseindian.org’).
I am not seeing this, but perhaps it's only for an admin of the GC Library or GC Library Commons site?
I wanted to especially raise this because of the mention of chineseindian.org that came up on the dev call. What is that, and is it something we need to get whitelisted with GC IT or similar?