Cross Domain (CORS) Errors with OEmbed and widgets.js



We are trying to follow the ‘rules of the road’ to properly display Tweets.

As part of this process, we are using OEmbed to check if a Tweet still exists and properly format it for presentation purposes.

We have successfully been able to call the OEmbed API Method with JSONP.

Unfortunately, the output includes a tag which tries to call ‘widget.js’ and returns the following error:

XMLHttpRequest cannot load Origin http://<CENSORED> is not allowed by Access-Control-Allow-Origin.

Any suggestions?


You can add an additional parameter to the oembed request—omit_script=true—to get just the blockquote. You’ll still need to include widgets.js within your regular page template, but only need to do it once. Then call twttr.widgets.load() as appropriate to initiate the full render once you’ve injected the code into your page.

It’s also advisable that you cache the OEmbed response heavily in your application.