My Oracle Support Banner

Cross Domain/Origin (CORS) Error When Rendering Content Through AppLinkReady Event:" Load denied by X-Frame-Options: https://<host> does not permit cross origin framing." (Doc ID 2478260.1)

Last updated on AUGUST 21, 2023

Applies to:

Content and Experience Cloud Service - Version 18.4.1 and later
Content and Experience Cloud - Version 18.4.1 and later
Content and Experience Cloud Classic - Version 18.4.1 and later
Information in this document applies to any platform.


We have an Oracle JCS SX application which we are using to embed secure content hosted in CEC. We are using the AppLinks functionality and then embedding through an iFrame by calling the AppLinks Ready event.

As our Oracle JCS environment is hosted on a different domain and identity console, we have enabled Cross-Origin Resource Sharing (CORS) on both CEC and within the Identity Console.

Although we have enabled CORS correctly, we are receiving the following error:




To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.