Modern browsers apply same-origin security restrictions to JavaScript network
requests, meaning that a web application running from one origin cannot retrieve data
served from a different origin. For VAST, this security restriction prevents
XMLHttpRequests made from JavaScript VAST rendering code from reading
a VAST ad response served from a different origin.

This security restriction is meant to prevent one origin from reading data
from another origin that a user may be logged in to without that
user's permission. The restriction poses problems for VAST served in a JavaScript
environment because an ad server is often on a different domain than the
ads player. However, Cross-Origin Resource Sharing (CORS), a W3C
recommendation, works around this restriction by allowing
sharing across different origins.

CORS headers
To avoid cross-origin problems, VAST ad server responses to requests made by the SDK must
include the following HTTP CORS headers: Access-Control-Allow-Origin and
Access-Control-Allow-Credentials.
These headers allow an ads player on any origin to read the VAST response
from the ad server origin. Set the value of Access-Control-Allow-Origin
to the value of the Origin header sent with the ad request, and
Access-Control-Allow-Credentials to true to ensure
that cookies are sent and received properly.
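
The following added example (not code from the SDK or from this page's author) builds the two headers from an ad request and models the browser's check, showing why a wildcard Access-Control-Allow-Origin fails once credentials are involved and the echoed Origin does not. The function names, the sample origin, the `Vary: Origin` header and the choice to skip malformed or `null` origins are assumptions of this sketch.

```javascript
// Added example; vastCorsHeaders and playerCanReadVast are hypothetical names.

// Server side: derive the CORS headers for a VAST response from the ad request headers.
function vastCorsHeaders(requestHeaders) {
  const origin = requestHeaders['origin'];
  if (!origin) return {};                 // no Origin header: nothing to echo
  let serialized;
  try {
    serialized = new URL(origin).origin;  // accept only a well-formed scheme://host[:port]
  } catch (e) {
    return {};                            // assumption: malformed or "null" origins get no CORS headers
  }
  if (serialized !== origin) return {};
  return {
    'Access-Control-Allow-Origin': origin,       // echo the request's Origin, as the text describes
    'Access-Control-Allow-Credentials': 'true',  // lets cookies be sent and received
    'Vary': 'Origin',                            // assumption: keeps caches from reusing one origin's response for another
  };
}

// Browser side: simplified model of the check applied before script may read the response.
function playerCanReadVast(playerOrigin, responseHeaders, withCredentials) {
  const allowOrigin = responseHeaders['Access-Control-Allow-Origin'];
  if (!allowOrigin) return false;
  if (!withCredentials) return allowOrigin === '*' || allowOrigin === playerOrigin;
  // Credentialed request: the wildcard is rejected and the credentials header must be "true".
  return allowOrigin === playerOrigin &&
         responseHeaders['Access-Control-Allow-Credentials'] === 'true';
}

// Constructed sample ad request from a player page.
const playerOrigin = 'https://player.example';
const adRequestHeaders = { origin: playerOrigin, cookie: 'id=constructed' };

const wildcardResponse = { 'Access-Control-Allow-Origin': '*' };  // weak setting
const echoedResponse = vastCorsHeaders(adRequestHeaders);         // setting the text asks for

console.log('wildcard, with cookies:', playerCanReadVast(playerOrigin, wildcardResponse, true));
console.log('echoed origin, with cookies:', playerCanReadVast(playerOrigin, echoedResponse, true));
```

Because the echoed value admits every origin that asks, anything in the VAST response that depends on the user's cookies is readable by any site the user visits.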
Last updated 2025-01-21 UTC.