Set strict-origin-when-cross-origin or/and Access-Control-Allow-Origin for calling f.i. in an iframe or templete src

I would like to call an external link into an popup window or an iframe or an template src: ‘…’
but I always get
... has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin'

is there any way to allow certain external resources to load into an iframe or in an ui template??

I thank you for your help


Hi, @Michael!
Well, it seems that have set the header to SAMEORIGIN in this case, which means that they have disallowed loading of the resource in an iframe outside of their domain and it is not a webix-related issue: Edit fiddle - JSFiddle - Code Playground

Hi NastassiaM.

Yes that’s correct! And there must be a header definition for X-Frame-Options or something… But thank you anyway for your reply.