Update CORS policy for Activity Map

Description

Sometimes Activity Map tool cannot load in the browser due to CORS policy on customer’s website domain. This can be validated by looking at the  Console errors, which will show an error like this:

Refused to frame ‘https://sitecatalyst.omniture.com/’ because it violates the following Content Security Policy directive: "frame-src *.xyz.com *.facebook.com c.comenity.net *.google.com…

Resolution

To fix this, update CORS policy as below to have Activity Map work on site:

Wild card domains

  • For ‘connect-src’, add sitecatalyst.omniture.com
  • For ‘frame-src’, add *.omniture.com

No wild card domains

  • For ‘connect-src’, add sitecatalyst.omniture.com
  • For ‘frame-src’, add sitecatalyst.omniture.com authorize.omniture.com sc5.omniture.com

The thing to take note of for the “No wild card domains”, we have “sc5.omniture.com”. This is for a company in PNW data center. If the company was in the:

  • London data center, use sc3.omniture.com
  • Singapore data center, use sc4.omniture.com

We recommend using the wild card domains, in case the Experience Cloud login process ever changes in the future and uses different domains.

On this page