Hi John,

I (Lisa McMahon [webmaster for FBC Leesburg]) reached out to Subsplash and they spent several days trying to find a solution. Here is their response:

Turns out we believe the issue is that Constant Contact needs to add some additional coding to their header. One of our devs supplied us with the explanation you can pass on to Constant Contact as to why their form isn't working. He is confident they will comprehend what he is explaining in the report below. Please let me know if there is anything else I can do for you.

So here is the report from our developer.

--------------------------------------------------------------------------------------

So, we have a security requirement on SnapPages that external resources, such as the Constant Contact signup resource (https://listgrowth.ctctcdn.com/v1/a5cf76f012487c68a6771fd09bd8f7a2.json), have an Access-Control-Allow-Origin header. Constant Contact will need to add that header to their resources for us to be able to use these forms properly. This is a change required on their side, not on ours. Note that this is also a browser requirement. SnapPages is not specifically blocking Constant Contact.

References:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
https://stackoverflow.com/a/10636765

The CORS policy is a security mechanism implemented by browsers to restrict cross-origin requests and protect users from potential security risks. The policy is enforced consistently across all resources, including scripts, images, stylesheets, and more. To successfully make a cross-origin request from a <script> tag, the server (Constant Contact, in this case) hosting the requested resource needs to include the appropriate CORS headers in its response. Specifically, the server should include the 'Access-Control-Allow-Origin' header, which specifies the allowed origins that can access the resource.

If the server does not include the necessary CORS headers, the browser will block the request and prevent the script from executing due to the same-origin policy. This security measure helps mitigate the risk of unauthorized access and manipulation of resources.

To resolve the CORS issue, you typically need to modify the server-side configuration to include the 'Access-Control-Allow-Origin' header in the response. Alternatively, you can consider using alternative techniques like JSONP or setting up a proxy server to bypass the CORS restrictions. It's important to note that circumventing or bypassing CORS restrictions without proper authorization or understanding of the security implications can lead to security vulnerabilities and should be avoided.

The Constant Contact server is not set up to respond w/ the proper CORS headers to a POST request, which is what their code in that embed is doing behind the scenes. It is this URL specifically that is the issue:
https://listgrowth.ctctcdn.com/v1/a5cf76f012487c68a6771fd09bd8f7a2.json

God Bless,
Ryan Davis
Platform Support Specialist
support.subsplash.com
S U B S P L A S H
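
An added example, not part of the original post and not Subsplash's or Constant Contact's code: a simplified JavaScript model of the checks a browser applies to the response headers before it lets a page read a cross-origin reply, for a request sent without credentials. The function names, the `https://church.example` origin and the header sets passed in are assumptions made for illustration.

```javascript
// Added example: simplified model of a browser's CORS checks for a
// non-credentialed request. Origins and headers used with it are constructed.
const SIMPLE_METHODS = ["GET", "HEAD", "POST"];
const SIMPLE_TYPES = ["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"];

// Normalise header names to lower case (HTTP header names are case-insensitive).
function lower(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers || {})) out[k.toLowerCase()] = String(v).trim();
  return out;
}

// Split a comma-separated header value into lower-case tokens.
function tokens(value) {
  return (value || "").toLowerCase().split(",").map((s) => s.trim()).filter(Boolean);
}

// Check applied to every cross-origin response, preflight or actual.
function originAllowed(pageOrigin, headers) {
  const acao = lower(headers)["access-control-allow-origin"];
  if (acao === undefined) return "blocked: no Access-Control-Allow-Origin header";
  if (acao === "*" || acao === pageOrigin) return "allowed";
  return "blocked: header allows " + acao + ", page is " + pageOrigin;
}

// req: { method, contentType }. preflightHeaders: headers on the OPTIONS reply.
function corsDecision(pageOrigin, req, preflightHeaders, responseHeaders) {
  const method = req.method.toUpperCase();
  const type = (req.contentType || "").split(";")[0].trim().toLowerCase();
  const simpleMethod = SIMPLE_METHODS.includes(method);
  const simpleType = type === "" || SIMPLE_TYPES.includes(type);
  if (!simpleMethod || !simpleType) { // browser sends an OPTIONS preflight first
    const pre = originAllowed(pageOrigin, preflightHeaders);
    if (pre !== "allowed") return "preflight " + pre;
    const p = lower(preflightHeaders);
    const methods = tokens(p["access-control-allow-methods"]);
    const allowed = tokens(p["access-control-allow-headers"]);
    if (!simpleMethod && !methods.includes(method.toLowerCase()) && !methods.includes("*"))
      return "preflight blocked: method not in Access-Control-Allow-Methods";
    if (!simpleType && !allowed.includes("content-type") && !allowed.includes("*"))
      return "preflight blocked: Content-Type not in Access-Control-Allow-Headers";
  }
  return originAllowed(pageOrigin, responseHeaders);
}

// Constructed case: a JSON POST to a server that returns no CORS headers at all.
console.log(corsDecision("https://church.example", { method: "POST", contentType: "application/json" }, {}, {}));
```

Feeding it the headers actually returned to the form's POST (and to any OPTIONS request that precedes it), as shown in the browser's network panel, indicates which header the server would need to add.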