Cross-domain issue when trying to render a Polymer element on 3rd party site

Question

So I was doing something like an embedded widget for our service, which offers a string like <script src="http://our-awesome-service.com/scripts/widget.js"></script> that users can take and embed on their own sites, blogs etc., and I encountered a problem that while trying to use the script to append a <link rel="import" href="http://our-awesome-service.com/templates/widget.html"> HTML import programatically on the user's site (say http://user-blog.com), the browser will show an access-control-allow-origin error saying that http://user-blog.com cannot access http://our-awesome-service.com/templates/widget.html

How do I handle this situation? Is it possible to only open CORS for this specific HTML file?

Answer 1

How do I handle this situation? Is it possible to only open CORS for this specific HTML file?

Yes, but it's the responsibility of your server. The server must send CORS accept headers for whichever files you want to be able to serve cross-origin.