Issue
When trying to use the "create item in another site" action across web apps you are unable to access the other sites list in the action by using the URL.
Resolution
Enable cross domain security settings in the browser
Below we describe how to enable cross-origin requests in each of 4 major browsers.
In FireFox, Safari, Chrome, Edge and IE 10+
To enable cross-origin requests in FireFox, Safari, Chrome and IE 10 and later your server must attach the following headers to all responses:
| 1 2 3 4 5 | Access-Control-Allow-Origin: http://webdavserver.comAccess-Control-Allow-Credentials: trueAccess-Control-Allow-Methods: ACL, CANCELUPLOAD, CHECKIN, CHECKOUT, COPY, DELETE, GET, HEAD, LOCK, MKCALENDAR, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, REPORT, SEARCH, UNCHECKOUT, UNLOCK, UPDATE, VERSION-CONTROLAccess-Control-Allow-Headers: Overwrite, Destination, Content-Type, Depth, User-Agent, Translate, Range, Content-Range, Timeout, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control, Location, Lock-Token, IfAccess-Control-Expose-Headers: DAV, content-length, Allow |
These headers will enable cross-domain requests in FireFox 3.6+, Safari 4+, Chrome 4+, Edge, and IE 10+. Older versions of this browsers do not allow cross-domain requests.
Note:
Firefox and Chrome require exact domain specification in Access-Control-Allow-Origin header. For servers with authentication, these browsers do not allow "*" in this header. The Access-Control-Allow-Origin header must contain the value of the Origin header passed by the client.