Introduction
Cross-origin resource sharing (CORS) is a mechanism that restrict resources (e.g. fonts, JavaScript, etc.) on a web page to be requested from another domain outside the domain from which the resource originated.
Problem
You have java script on an application server that sends a JSON to the CBA Web Gateway to get a session. However when you browse to http://<your-app-server>/webpage-to-get-service but you get a CORS error.
Resolution
To get around the CORS issue in this scenario you will need to include an allowedOrigins header in your JSON e.g.
$json = '
{
"webAppId": "StevesWebID1233455667888",
"allowedOrigins" : ["*"],
"urlSchemeDetails": {
"host": "192.168.50.17",
"port": "8080",
"secure": false
},
"voice":
{
"username": "annon",
"domain": "registrar.trial.cba.com",
"inboundCallingEnabled": false
}
}
';
WARNING: The above example has a wildcard to allow all you will want to specify your particular server.