If I have a modal pop up using the pattern in mockup, links within the current domain work fine. But sometimes I would like to have it go to some external resource. When I try to do this I get blocked by the browser which seems to be an attempt to prevent cross site scripting:
XMLHttpRequest cannot load https://www.google.com/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.
Is there some data value I can pass to make this work or is it unsupported?
Long story short, no.
As you probably already understood, this is a security mechanism in your browser that prevents loading third party contents.
You can disable this security. In chrome, for example, running this command:
- chromium-browser --disable-web-security --user-data-dir
See more here:
If you really want do that, you can proxy the content you want to display with another address or adding the
Can you load it in an iframe (?)
I once made something that is slightly related, just dont blame security issues on me