cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3623
Views
2
Helpful
5
Replies

No 'Access-Control-Allow-Origin' on calls to apidemoeu.webex.com

jmennear
Cisco Employee
Cisco Employee

I am getting an error when running my application on Google Chrome.

The error is : XMLHttpRequest cannot load https://apidemoeu.webex.com/WBXService/XMLService. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://localhost:44301' is therefore not allowed access.

I have gone through a bunch of CORS documents but I am not able to figure out if it is a CORS issue or, if it is something else.

Is there someone there who can provide some guidance to help get be past this problem?

By the way, the exact same code works perfectly when run in Internet Explorer, so I am pretty sure the code itself is OK.

Thanks.

5 Replies 5

nmorrow
Cisco Employee
Cisco Employee

Hello,

     This is a cross domain scripting security feature built in to your web browser. It would not be feasible to add an access control allow origin on the XML API server, due to the unlimited number of origins possible. You will need to rely on a server to server communication, or require browsers with no such security limitation.

Server to server would be a proxy server I set up and my application sends a request to my proxy and that proxy talks to the webex server?

Are there any such servers out there?

Do I have to build a proxy server and a proxy server application to perform something like that?

-john mennear

408-894-6856

http://cisco-ucdt.blogspot.com/

http://cisco-ciac.blogspot.com/

Hello,

     Server to server would be built on PHP, ASP, Perl, etc, rather than JavaScript. Local scripting is much less secure and your browser has included additional security measures when using it to send information to a domain that is different than yours. I have not found a way to get around this security measure in either Chrome or Firefox. Internet Explorer will usually allow this after clicking the information bar and allowing it. Safari on OSX also tends to work for cross domain scripting.

A different API, but this page has some background/info/suggestions and actual configurations which may help in getting a simple HTTP proxy up...

https://developer.cisco.com/site/collaboration/jabber/websdk/develop-and-test/im-and-presence/xmpp-deployment-guide/inde…

For anyone out there in the future who has this problem I found a way to disable cross browser security in chrome:

Start chrome like this:

C:\PROGRA~2\Google\Chrome\Application\chrome.exe --user-data-dir="C:/Chrome dev session" --disable-web-security

Reference information came from

http://stackoverflow.com/questions/3102819/disable-same-origin-policy-in-chrome

-john mennear

408-894-6856

http://cisco-ucdt.blogspot.com/

http://cisco-ciac.blogspot.com/