Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

Cross Site Scripting issue with CUMI API

89
Views
0
Helpful
0
Comments
cdnadmin
cdnadmin Advisor
‎01-24-2014 05:01 PM
edited on: ‎01-24-2014 ‎05:01 PM
This document was generated from CDN thread

Created by: Amit Gupta on 30-10-2012 01:38:12 AM
We need to have voicemail indicator on jabber sdk web based softphone, for which we are using CUMI api for sending notification. But when trying to use below snippet from your api doc, I'm getting Access-Control-Allow-Origin not allowed issue.
$.ajax({
type: "POST",
contentType: "application/xml; charset=utf-8",
url: "/vmrest/mailbox?method=requestnotification",
data: "{}",
dataType: "text",
success: function(subscriptionId) {
gSubscriptionId = subscriptionId;
alert("Requested events for mailbox, subscriptionId=" + subscriptionId);
}
});
Here is the doc that I'm referring to: [url=http://docwiki.cisco.com/wiki/Cisco_Unity_Connection_Messaging_Interface_(CUMI)_API_--_Using_the_CUMI_API_for_Sending_Notifications]http://docwiki.cisco.com/wiki/Cisco_Unity_Connection_Messaging_Interface_(CUMI)_API_--_Using_the_CUMI_API_for_Sending_...
Error message : XMLHttpRequest cannot load http://uc90zcv1.abc.org/vmrest/mailbox?method=requestnotification. Origin http://wpwdlsrm.abc.org:8080 is not allowed by Access-Control-Allow-Origin.
 Do you think it could be a access issue ? I do have following roles for my userid in Unity server : Mailbox Access Delegate Account /Remote Admin /System Admin /User Admin.
FYI, The same AJAX call works fine when I change type to GET and dataType to jsonp but POST is not working for some reason.
any help would highly be appreciated.
Regards,
Amit

Subject: RE: Cross Site Scripting issue with CUMI API
Replied by: Anil Singh on 30-10-2012 02:01:53 PM
Have you tried to send this request with header as "Access-Control-Allow-Origin" ?
e.g. in PHP
<pre class="code"> <?php
header("Access-Control-Allow-Origin: *");

Let me know, if still there is an issue.

-Anil Singh</pre>

Subject: RE: Cross Site Scripting issue with CUMI API
Replied by: Amit Gupta on 30-10-2012 02:43:25 PM
Anil, Yes I tried that too but didn't work.
 Here is my code for your review.
function requestVoicemailPost() {       
 jQuery.support.cors = true;
        jQuery.ajax({
                type: 'POST',
                 contentType: 'application/xml; charset=utf-8',
                 url: 'https://XXXXXX.opr.test.abc.org/vmrest/mailbox?method=requestnotification',
                 data: '{}',
                 dataType: 'text',
                 username: 'XXXX',
                 password:'XXXXXXXX',
                 xhrFields: {
                      withCredentials: true
                 },
                beforeSend: function (req){
                         req.setRequestHeader('Access-Control-Allow-Origin', '*');
                 },
                 success: function(subscriptionId) {
                         gSubscriptionId = subscriptionId;
                         alert('Requested events for mailbox, subscriptionId=' + subscriptionId);
                 },
                 complete: function(jqXHR, textStatus) {
                            alert('complete: ' + textStatus +  '  responseText: ' + jqXHR.responseText);
                 }
        });   
    }
Thanks!
Amit
 
0 Helpful
Latest Contents
Macro - DX80 - xConfiguration
Created by Jamesabooth19851 on 01-16-2020 04:52 PM
0
0
0
0
Hey Guys, I am looking to build a macro that would send an xConfiguration network Network [1] IPStack: Dual command at 00:01 on weekdays, our DX80 keeps switching to IPv4 as we are using IPv4 in our CUCM any ideas?My script below:const xapi = re... view more
Sandbox XSI Event Channel created - but heartbeat fail with ...
Created by simonbrinkmann on 01-16-2020 03:01 AM
0
0
0
0
 I've created an eventchannel and XSP server responds with a channelId. But when I try to send a heartheartbeat I get a 404 Not Found in return. I've tried testing different users, testing with admin user (unauthorized), changing ChannelSetId an... view more
Jabber sdk - 2 sessions in parallel on the same workstation
Created by baptiste.croizer on 01-15-2020 07:45 AM
0
0
0
0
Hello,Does anyone have an idea if there is a way to use 2 Jabber sdk sessions at the same time on the same workstation. My usecase: we develop a Chrome softphone based on jabber sdk on many specific Web applications, with the Web communicator installed on... view more
TMS integration with third party app
Created by Anurag Srivastava1 on 01-13-2020 08:15 PM
0
0
0
0
Hello Experts, We are trying to integrate TMS with facility management tool through API.If i am using web on same server i am able to access the WSDL file but when i am using code with basic authentication its not happening on same server.we tried ot... view more
Sandbox xsi-events subscription not found
Created by aluxmore on 01-13-2020 10:04 AM
0
0
0
0
When I use the sandbox to create a subscription such as uri: http://broadsoftsandboxxsp.cisco.com/com.broadsoft.xsi-events/v2.0/user/<<user information>>where <<user information>> is the actual information established when I c... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
FusionCharts will render here
This widget could not be displayed.