I'm trying to integrate a self-hosted third party application , by iframing it into my Retool app. The application uses a <script> tag to retrieve and run JS that itself retrieves another HTML page, that is then iframed within the page of the self-hosted app. That page contains another <script> tag, …

Access-Control-Allow-Origin required for asset in script tag within document retrieved by JS in iframe

preshetin January 2, 2024, 3:50pm 2

Hi @SamirUnni - welcome to the community!

You can fix it by checking the "Storage and cookies" box (kudos to this solution)

I did some digging with your third-party app and can confirm it works.

Hope this helps

1 Like

Topic		Replies	Views
Embed Autodesk Fusion 360 shared preview failing due to blocked CORS policy: No 'Access-Control-Allow-Origin' 💬 App Building resource-connection , bug	6	1199	August 3, 2023
Allowed origins when using embedding in iframe/custom component 💬 App Building	8	1740	April 25, 2024
Embedded Retool Apps are Unable to Login on Webkit Browsers (Safari, iOS Browsers, Gnome Web, etc.) 💬 App Building bug	9	1114	March 28, 2025
Access to script has been blocked by CORS policy 💬 App Building bug	3	224	July 28, 2025
Trouble embedding my retool app into an iframe 💬 App Building	5	4615	July 27, 2023