Who can use this feature?
CORS is a security feature that allows web applications (your website and / or landing pages) to interact with resources in a different domain (Chili Piper's concierge snippet) in a way that ensures the legitimacy of those requests.
When Do You Need CORS?
Your site or app's requirements for needing CORS will vary, but it's generally recommended to have it set up whenever your site will be fetching data from a different website or domain.
In the context of Chili Piper, we store our concierge.js snippet (and in legacy, several other js and style pages) on our own chilipiper.com servers. That means in order for your site to read and load these files, it needs to fetch them from us.
You may also need to adjust CORS if you are getting errors that mention "CORS" or "Cross-Origin" in your developer console.
How to Fix CORS Issues
Option 1: Allow Specific Domains
You will need to add the following to the server's configuration:
Access-Control-Allow-Origin: https://{your_domain}.chilipiper.com
In this case, {your_domain} would be your account's subdomain.
Option 2: Allow All Domains (less secure)
Generally for testing purposes only, you could allow all domains with a wildcard asterisk ( * )
Access-Control-Allow-Origin: *
Note that the steps required to add these to your server's configuration will vary from server-to-server.
Common CORS Error Messages
If you see any of the following in your browser's developer console, it could indicate an issue with CORS.
- "Access to fetch at [URL] has been blocked by CORS policy"
- "Access to XMLHttpRequest at [Chilipiper.com URL] from origin [Your URL] has been blocked by CORS policy"
- "No 'Access-Control-Allow-Origin' header is present"
- Any mention of "CORS"
- Any mention of "Cross-Origin" in the error message
If you are unsure what the messages mean, or if they are related to CORS or Chili Piper, please reach out to Chili Piper's Customer Love team to help verify.