Cross-Origin Resources

Due to security protections in modern browsers, when a webpage loads a CSS Stylesheet from a domain other than it’s own (and without proper CORS implementation), the browser restricts access to the stylesheet. This is done to protect against an attack where a malicious page reads data, and/or injects malicious code into the stylesheet from another domain.

Unfortunately we have to inject the stylesheet directly into the page to get around this issue (and get the colors/styles used), which makes the browser insecure. Color Producer will display a warning before this occurs.

If you select to inject the stylesheet in the warning dialog (or turn the warning off) you should NEVER do browsing you wish to remain secure in Color Producer. DO NOT login to banking, email, social media, etc. If you need a secure browser, use Safari, Google Chrome, or Firefox.

To keep the Color Producer browser secure, you should NOT inject the cross-origin stylesheets, and implement proper CORS support on your website instead.

More Information: