CUC Forums

« Back to CUMI Questions

Cross Site Scripting issue with CUMI API

Combination View Flat View Tree View
Threads [ Previous | Next ]
Cross Site Scripting issue with CUMI API
Answer
10/30/12 6:38 AM
We need to have voicemail indicator on jabber sdk web based softphone, for which we are using CUMI api for sending notification. But when trying to use below snippet from your api doc, I'm getting Access-Control-Allow-Origin not allowed issue.
$.ajax({
type: "POST",
contentType: "application/xml; charset=utf-8",
url: "/vmrest/mailbox?method=requestnotification",
data: "{}",
dataType: "text",
success: function(subscriptionId) {
gSubscriptionId = subscriptionId;
alert("Requested events for mailbox, subscriptionId=" + subscriptionId);
}
});
Here is the doc that I'm referring to: [url=http://docwiki.cisco.com/wiki/Cisco_Unity_Connection_Messaging_Interface_(CUMI)_API_--_Using_the_CUMI_API_for_Sending_Notifications]http://docwiki.cisco.com/wiki/Cisco_Unity_Connection_Messaging_Interface_(CUMI)_API_--_Using_the_CUMI_API_for_Sending_Notifications
Error message : XMLHttpRequest cannot load http://uc90zcv1.abc.org/vmrest/mailbox?method=requestnotification. Origin http://wpwdlsrm.abc.org:8080 is not allowed by Access-Control-Allow-Origin.
 Do you think it could be a access issue ? I do have following roles for my userid in Unity server : Mailbox Access Delegate Account /Remote Admin /System Admin /User Admin.
FYI, The same AJAX call works fine when I change type to GET and dataType to jsonp but POST is not working for some reason.
any help would highly be appreciated.
Regards,
Amit
Flag

RE: Cross Site Scripting issue with CUMI API
Answer
10/30/12 7:01 PM as a reply to Amit Gupta.
Have you tried to send this request with header as "Access-Control-Allow-Origin" ?
e.g. in PHP
<pre class="code"> <?php
header("Access-Control-Allow-Origin: *");

Let me know, if still there is an issue.

-Anil Singh</pre>
Flag

RE: Cross Site Scripting issue with CUMI API
Answer
10/30/12 7:43 PM as a reply to Anil Singh.
Anil, Yes I tried that too but didn't work.
 Here is my code for your review.
function requestVoicemailPost() {       
 jQuery.support.cors = true;
        jQuery.ajax({
                type: 'POST',
                 contentType: 'application/xml; charset=utf-8',
                 url: 'https://XXXXXX.opr.test.abc.org/vmrest/mailbox?method=requestnotification',
                 data: '{}',
                 dataType: 'text',
                 username: 'XXXX',
                 password:'XXXXXXXX',
                 xhrFields: {
                      withCredentials: true
                 },
                beforeSend: function (req){
                         req.setRequestHeader('Access-Control-Allow-Origin', '*');
                 },
                 success: function(subscriptionId) {
                         gSubscriptionId = subscriptionId;
                         alert('Requested events for mailbox, subscriptionId=' + subscriptionId);
                 },
                 complete: function(jqXHR, textStatus) {
                            alert('complete: ' + textStatus +  '  responseText: ' + jqXHR.responseText);
                 }
        });   
    }
Thanks!
Amit
 
Flag