Update Cross-Origin Resource Sharing (CORS) policy for Activity Map
For the Activity Map to work, update Cross-Origin Resource Sharing (CORS) policy to use Wild card domains.
Description description
Environment
- Customer Journey Analytics
- Analytics
Issue/Symptoms
Sometimes, the Activity Map tool cannot load in the browser due to the Cross-Origin Resource Sharing (CORS) policy on the website domain. This issue can be validated by looking at the Console errors, which show an error like this:
Refused to frame ‘https://sitecatalyst.omniture.com/’ because it violates the following Content Security Policy directive: "frame-src *.xyz.com *.facebook.com c.xxxyz.net *.google.com…
Resolution resolution
To fix this issue, update the Cross-Origin Resource Sharing (CORS) policy as below to have Activity Map work on site:
Wild card domains
- For ‘connect-src’, add sitecatalyst.omniture.com
- For ‘frame-src’, add *.omniture.com
No wild card domains
- For ‘connect-src’, add sitecatalyst.omniture.com
- For ‘frame-src’, add sitecatalyst.omniture.com authorize.omniture.com sc5.omniture.com
The thing to take note of for the No wild card domains, is that you have sc5.omniture.com. This is for a company in the Pacific Northwest (PNW) data center. If the company was in the:
- London data center, use sc3.omniture.com
- Singapore data center, use sc4.omniture.com
It is recommended that you use wild card domains, in case the Experience Cloud Login process ever changes in the future and uses different domains.