I have recently configured a CDN through Nexcess, our hosting provider, for our Magento store. I originally did this only for media images but recently moved the theme/skin files over the CDN as well. This seems to be working great on the frontend, but I’ve noticed a problem in the admin. If I try to upload product images it fails after selecting the file in the popup. It never shows me the extra box where I select which type of image it is and complete the upload. This is only a problem when the unsecure skin URL is pointed at the CDN. If I point it locally again, everything works fine.
My guess is that it has something to do with the javascript that lives in the skin folders. Some JS is theme based rather than being in the root js/ folder, and I know that sometimes remotely hosted javascript can be an issue. Our CDN URL is in our subdomain, though, so I would imagine that would be okay but I just don’t know enough about this stuff.
Has anyone run into this or a similar problem? Any ideas?
@clockworkgeek is right, it is related to a security restriction (XSS I believe). One option that doesn’t require installing a module is to specify that only your frontend website serves its JS from the CDN, which means that admin-side JS will come from the server preventing the XSS issue.
To achieve this, change the website scope in the System>Config>Web section of the admin to your frontend store, untick the “Use Website” checkbox and set the “Base JavaScript URL” to the CDN. Change the scope back to “Default Config” and set the “Base Javascript URL” to
{{unsecure_base_url}}js/Hope this helps,
JD