They put something like this on their page <script src="https://my-embed.netlify.com/widget.js" crossorigin></script>
and I have the following toml in my repository root
for = "/*"
Access-Control-Allow-Origin = "*"
But they still get a CORS error. What am I missing?
I don’t see the difference between this and hosting an iframe from a terms of service point of view, but I’m happy to be educated about the terms or the technique. Either way, I need to know I can’t do it or how to do it.
btw, removing the crossorigin attribute solves the CORS issue, but I still can’t figure out how to get react, webpack, and netlify to let me specify my own bundle.js in the ./build/static/js directory on netlify
firstly - you are in a bit of a grey area here with regards to terms of service, although it depends a little bit on what exactly you are doing with your netlify site.
Specifically, section 3 point 1:
Users may not use the Service as a remote storage server only.
Users deemed to be using Netlify solely as a remote storage server will have their account immediately terminated and will have all files associated with their account permanently removed.
as we’re very generous with our starter tier, we want to avoid people utilizing us as a remote filedrive (there are better options for that anyway). We’re not so worried about a js file, especially if you are also using that file in a site you are running on netlify, but, if someone where to use their netlify account to store giant video files, or images, or binaries that they are just straight up linking to without serving an actual site, we might have to have a talk about acceptable use, so keep that in mind.
I’ll have to let someone else chime in on the js questions specifically, but as i’m the TOS expert around here, I figured I’d answer the first half of your q at least.
Thanks, but I’d be surprised if I’m in the gray. Lots of sites put widgets on blogs, etc. Yes?
I could do an <iframe>, but I’d rather do it with a <script> tag, similar to youtube’s <embed> code
The site is www.verilyviral.com and I’m simply developing a widget that users can include on their business sites, blogs, etc.
if you have an actual site, then it’s not a concern - but you hadn’t mentioned that before
as I mentioned above, we’re specifically interested in preventing people only storing assets on our servers but not including a site in some way. so, to be really clear, if a person had a stack of images, videos, or css files, or js scripts they were linking to from somewhere else, but not actually serving any html etc, we’d have a talk with them about appropriate use.