Hi chaps - I really hope you can assist me with this because I've been all over the place to try and find a solution.
To cut a long story short, I am trying to embed a number of 3rd party booking calendars into a new site that I'm building.
The calendars work fine when embedded within an article. However, when I add it to SP Page Builder either as RAW HTML code or via a custom module I am getting the following error:
Access to XMLHttpRequest at 'https://westlakesadventure.anytimebooking.eu/category/listAllActive/1/NaN/?_=1552041970711' from origin 'http://www.tourismweb.co.uk' has been blocked by CORS policy: Request header field x-csrf-token is not allowed by Access-Control-Allow-Headers in preflight response.
Here is the broken calendar with Page Builder:
Titlehttp://www.tourismweb.co.uk/WLA/book-now
Here is the calendar working in an article in Joomla:
Titlehttp://www.tourismweb.co.uk/WLA/accommodation/group-accommodation
The problem is that I need to include the calendars within varying places within Page Builder pages so the article solution isn't going to work for me.
I've added the following to my .htaccess
<FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|font.css|css|js)$">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
</IfModule>
I've been in touch with the hosts and also the booking calendar developers and they are telling me the preflight request is not a feature of their widget and the xcsrf token is not their token. They also said it looks as if your CMS is adding this to the request as well as appending a query (timestamp) to the end of the Url which again is not something in our making.
In terms of settings:
SP Page Builder Pro 3.4.4
Joomla 3.9.3
PHP 7.2
I really hope you will be able to find a workaround for me? I can happily PM access details to the administator and FTP.
Cheers,
Mike