To avoid cross-origin problems, VAST ad server responses to requests made by the SDK must include following HTTP CORS headers:
Access-Control-Allow-Origin: <origin header value> Access-Control-Allow-Credentials: true
These headers allow an ads player on any origin to read the VAST response
from the ad server origin. Set the value of
to the value of the
Origin header sent with the ad request, and
true to ensure
that cookies are sent and received properly.
For further instructions on enabling CORS, see Enable cross-origin resource sharing.