I'm setting up a squarespace site and want to create dynamic content based off a JSON string that is being served by another domain.
I've created an inline script that uses XMLHttpRequest to pull the JSON string from the remote domain and then, after formatting, uses document.write() to write the required information to the page. However, by embedding the script the Squarespace domain is now being flagged as insecure by web browsers. Both domains are secure when navigated to separately so I can't figure out why.
Below is the function I use to get the JSON
function httpGet(){
var xmlHttp = new XMLHttpRequest();
xmlHttp.open( "GET", URL, false );
xmlHttp.send( null );
return(xmlHttp.responseText);
}
When I check in the developer console it says the request is using CORS but the site is still flagged as insecure. Any ideas what may be causing this as there is no explanation given in the console. I don't whether moving the script to the header rather than being inline may help, but I don't see why it would.
Aucun commentaire:
Enregistrer un commentaire