+ Start a Discussion
Andy Freeston_LarterAndy Freeston_Larter 

CORS support for documents and static resources

My managed package needs to consume images that are stored as documents and static resources by our customers. This results in the URLs being for another domain than my application is served on so I am running into the following CORS issue:

Redirect at origin 'https://c.eu3.content.force.com' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://mypackage.eu3.visual.force.com' is therefore not allowed access.

I can temporarily solve this by remapping the URL so the resources are loaded from the package domain but this seems to be a hack. I would prefer to have the resources served with a CORS header.

Is there any way to configure Salesforce to allow documents and static resources to be loaded from a managed package domain and have the correct CORS header applied? I did try the CORS Whitelisted Origins system but that only seems to work for REST calls.

 - Andy