I was alerted by one of my techs today about two separate issues in developer console.
1- I am getting a server error.
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://api2.iflychat.com/chat/261/6ctc61m6/xhr_str... This can be fixed by moving the resource to the same domain or enabling CORS.
I have no idea what CORS is or why it wants me to enable something. I assume it's because chat is hosted on your servers and the site is hosted on mine. But I don't know how to fix this and it's throwing this error constantly.
2- In developer console, it is showing my users and their user ID's to non-admin people. It switches randomly from "forbidden", which it should be, to showing ALL of the user ID's associated with every account that is online. I get that the chat needs this to function, but it should not go from forbidden to wide open, especially for someone not even using an admin account and just randomly using a browser developer console. I have a txt document for this and a screenshot, but I'd prefer not to post those publicly as again, it shows private user information and is a huge privacy bug.