Environment
Issue/Symptoms
Sometimes, the Activity Map tool cannot load in the browser due to the Cross-Origin Resource Sharing (CORS) policy on customer’s website domain. This can be validated by looking at the Console errors, which will show an error like this:
Refused to frame ‘https://sitecatalyst.omniture.com/’ because it violates the following Content Security Policy directive: "frame-src *.xyz.com *.facebook.com c.comenity.net *.google.com…
To fix this, update Cross-Origin Resource Sharing (CORS) policy as below to have Activity Map work on site:
Wild card domains
No wild card domains
The thing to take note of for the No wild card domains, is that we have sc5.omniture.com. This is for a company in Pacific Northwest (PNW) data center. If the company was in the:
We recommend using the wild card domains, in case the Experience Cloud Login process ever changes in the future and uses different domains.