I'm using unity server version: 10.5.2.10000-5.
CORS setting is enabled on the server side and each client based request is working till the moment when i'm trying to get voicemail message attachment.
Browser request is following:
- Request URL:https://<host>/vmrest/messages/0:53df9a65-aa17-4370-8d33-d2b74cd4a5d5/attachments/0
- Server:Request Headers
- Accept-Encoding:gzip, deflate, sdch
- Authorization:Basic <auth>
- User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36
Browser response Headers are following:
- Content-Disposition:inline; filename=VoiceMessage.wav; voice=Voice-Message
- Content-Type:audio/wav; name=voicemessage.wav
- As a result i'm receiving following error:
- XMLHttpRequest cannot load https://<host>/vmrest/messages/0:53df9a65-aa17-4370-8d33-d2b74cd4a5d5/attachments/0. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access.
- Can you please help me how i can solve this issue? Is this a feature for security reasons or is a server configuration setting?
You didn't show an example of a working request, but having messed with CORS a bit recently, I think some (most/all?) browsers will not allow a secure request from a non-secure page, and vice versa. I.e. in your request the host origin is insecure (http://localhost) and the scripted request is secure (https://<server>/vmrest)
If that's not the issue, then perhaps it is possible there is some defect in /vmrest that fails to handle same-origin just for message retrieval. Is it possible that requesting this message content URL actually results in a redirect to another URL or host (Mediasense?)
Thanks for the reply. I've tried on environment with https and the result is the same. All other CORS requests are passing (for example /vmrest/mailbox/folders/inbox/messages?type=voice returns all voice messages which i have) instead downloading of the attachment.