"Security Risk" Error Message in IE9 with Yammer Embed Feed

Question

I have an app that Embeds a Yammer feed using the Yammer "embedFeed" API. The app is hosted under SSL (via HTTPS).

On PC's running IE9 it's causing IE to display a dialog box that says: "This page is accessing information that is not under its control. This poses a security risk. Do you want to continue?"

The code that displays the Yammer Embed is very straight forward as shown below.

<!-- This is included in the <HEAD> tag -->
<script type="text/javascript" src="https://c64.assets-yammer.com/assets/platform_embed.js"></script>

<!-- This is included at the bottom of the page -->
<script>
    yam.connect.embedFeed({
        container: '#YammerContent',
        network: 'domain.com'
    });
</script>

Everything works fine in Firefox, Chrome and IE11 on other PCs.

I think this issue is related to the IE9 Security settings within Internet Options. However, I have yet to figure out what setting may be the issue.

I have the following questions regarding fixing this issue:

1. Could this be a bug in Yammer Embed script related to embedding within an SSL/HTTPS site?
2. Is there something in the configuration of the site and/or HTML that could fix this?
3. Is there an Internet Options Security setting that could be set to easily fix this?

Answer 1

This is a CORS (Cross Origin Resource Sharing) issue in IE9. Please be sure that all the URLs that need to be added in trusted sites are there, for reference https://technet.microsoft.com/en-us/library/hh373144.aspx.

Here's a snippet of the Yammer portion of the guidance:

*.assets-yammer.com
ajax.googleapis.com^
*.cloudfront.net^
*.crocodoc.com^
*.yammer.com
*.yammerusercontent.com
^These URLs are for third party services used by Yammer to provide the ability of viewing documents, videos and images uploaded by your users into Yammer. These URLs are not required to be on the allow list if your organization is administratively disabling the ability of uploading files into Yammer