Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2729
Views
2
Helpful
2
Replies

No 'Access-Control-Allow-Origin' header is present on the requested resource

valnikol
Cisco Employee
Cisco Employee

‎06-22-2015 07:02 AM

Hi all,

I'm using unity server version: 10.5.2.10000-5.

I'm trying to implement javascript based client using CORS.

CORS setting is enabled on the server side and each client based request is working till the moment when i'm trying to get voicemail message attachment.

Browser request is following:

    1. Request URL:https://<host>/vmrest/messages/0:53df9a65-aa17-4370-8d33-d2b74cd4a5d5/attachments/0
    2. Server:Request Headers
    1. Accept:*/*
    2. Accept-Encoding:gzip, deflate, sdch
    3. Accept-Language:en-US,en;q=0.8,bg;q=0.6,hy;q=0.4
    4. Authorization:Basic <auth>
    5. Connection:keep-alive
    6. Host:<host>
    7. Origin:http://localhost
    8. Referer:http://localhost/
    9. User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36

Browser response Headers are following:

    2. Content-Disposition:inline; filename=VoiceMessage.wav; voice=Voice-Message
    3. Content-Length:36378
    4. Content-Type:audio/wav; name=voicemessage.wav
  2. As a result i'm receiving following error:
  3. XMLHttpRequest cannot load https://<host>/vmrest/messages/0:53df9a65-aa17-4370-8d33-d2b74cd4a5d5/attachments/0. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access.

  6. Can you please help me how i can solve this issue? Is this a feature for security reasons or is a server configuration setting?
  8. Thanks,
  9. Valentin




1 person had this problem
2 Replies 2

dstaudt
Cisco Employee
Cisco Employee

‎06-23-2015 01:31 PM

You didn't show an example of a working request, but having messed with CORS a bit recently, I think some (most/all?) browsers will not allow a secure request from a non-secure page, and vice versa.  I.e. in your request the host origin is insecure (http://localhost) and the scripted request is secure (https://<server>/vmrest)

If that's not the issue, then perhaps it is possible there is some defect in /vmrest that fails to handle same-origin just for message retrieval.  Is it possible that requesting this message content URL actually results in a redirect to another URL or host (Mediasense?)

valnikol
Cisco Employee
Cisco Employee
In response to dstaudt

‎06-23-2015 11:57 PM

Hi,

Thanks for the reply. I've tried on environment with https and the result is the same. All other CORS requests are passing (for example /vmrest/mailbox/folders/inbox/messages?type=voice returns all voice messages which i have) instead downloading of the attachment.

Thanks,

Valentin

0 Helpful
Customers Also Viewed These Support Documents