Showing results for 
Search instead for 
Did you mean: 
Please note that Remote Expert Mobile announced end-of-life and support will end on February 28, 2022.
Cisco Employee

No 'Access-Control-Allow-Origin' header is present on the requested resource

Hi all,

I'm using unity server version:

I'm trying to implement javascript based client using CORS.

CORS setting is enabled on the server side and each client based request is working till the moment when i'm trying to get voicemail message attachment.

Browser request is following:

    1. Request URL:https://<host>/vmrest/messages/0:53df9a65-aa17-4370-8d33-d2b74cd4a5d5/attachments/0
    2. Server:Request Headers
    1. Accept:*/*
    2. Accept-Encoding:gzip, deflate, sdch
    3. Accept-Language:en-US,en;q=0.8,bg;q=0.6,hy;q=0.4
    4. Authorization:Basic <auth>
    5. Connection:keep-alive
    6. Host:<host>
    7. Origin:http://localhost
    8. Referer:http://localhost/
    9. User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36

Browser response Headers are following:

    1. Content-Disposition:inline; filename=VoiceMessage.wav; voice=Voice-Message
    2. Content-Length:36378
    3. Content-Type:audio/wav; name=voicemessage.wav
  1. As a result i'm receiving following error:
  2. XMLHttpRequest cannot load https://<host>/vmrest/messages/0:53df9a65-aa17-4370-8d33-d2b74cd4a5d5/attachments/0. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access.

  3. Can you please help me how i can solve this issue? Is this a feature for security reasons or is a server configuration setting?
  4. Thanks,
  5. Valentin

Everyone's tags (4)
Cisco Employee

Re: No 'Access-Control-Allow-Origin' header is present on the requested resource

You didn't show an example of a working request, but having messed with CORS a bit recently, I think some (most/all?) browsers will not allow a secure request from a non-secure page, and vice versa.  I.e. in your request the host origin is insecure (http://localhost) and the scripted request is secure (https://<server>/vmrest)

If that's not the issue, then perhaps it is possible there is some defect in /vmrest that fails to handle same-origin just for message retrieval.  Is it possible that requesting this message content URL actually results in a redirect to another URL or host (Mediasense?)

Cisco Employee

Re: No 'Access-Control-Allow-Origin' header is present on the requested resource


Thanks for the reply. I've tried on environment with https and the result is the same. All other CORS requests are passing (for example /vmrest/mailbox/folders/inbox/messages?type=voice returns all voice messages which i have) instead downloading of the attachment.



CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards
This widget could not be displayed.