Cross Site Scripting issue with CUMI API

Version 1
    This document was generated from CDN thread

    Created by: Amit Gupta on 30-10-2012 01:38:12 AM
    We need to have voicemail indicator on jabber sdk web based softphone, for which we are using CUMI api for sending notification. But when trying to use below snippet from your api doc, I'm getting Access-Control-Allow-Origin not allowed issue.
    $.ajax({
    type: "POST",
    contentType: "application/xml; charset=utf-8",
    url: "/vmrest/mailbox?method=requestnotification",
    data: "{}",
    dataType: "text",
    success: function(subscriptionId) {
    gSubscriptionId = subscriptionId;
    alert("Requested events for mailbox, subscriptionId=" + subscriptionId);
    }
    });
    Here is the doc that I'm referring to: [url=http://docwiki.cisco.com/wiki/Cisco_Unity_Connection_Messaging_Interface_(CUMI)_API_--_Using_the_CUMI_API_for_Sending_Notifications]http://docwiki.cisco.com/wiki/Cisco_Unity_Connection_Messaging_Interface_(CUMI)_API_--_Using_the_CUMI_API_for_Sending_Notifications
    Error message : XMLHttpRequest cannot load http://uc90zcv1.abc.org/vmrest/mailbox?method=requestnotification. Origin http://wpwdlsrm.abc.org:8080 is not allowed by Access-Control-Allow-Origin.
     Do you think it could be a access issue ? I do have following roles for my userid in Unity server : Mailbox Access Delegate Account /Remote Admin /System Admin /User Admin.
    FYI, The same AJAX call works fine when I change type to GET and dataType to jsonp but POST is not working for some reason.
    any help would highly be appreciated.
    Regards,
    Amit

    Subject: RE: Cross Site Scripting issue with CUMI API
    Replied by: Anil Singh on 30-10-2012 02:01:53 PM
    Have you tried to send this request with header as "Access-Control-Allow-Origin" ?
    e.g. in PHP
    <pre class="code"> <?php
    header("Access-Control-Allow-Origin: *");

    Let me know, if still there is an issue.

    -Anil Singh</pre>

    Subject: RE: Cross Site Scripting issue with CUMI API
    Replied by: Amit Gupta on 30-10-2012 02:43:25 PM
    Anil, Yes I tried that too but didn't work.
     Here is my code for your review.
    function requestVoicemailPost() {       
     jQuery.support.cors = true;
            jQuery.ajax({
                    type: 'POST',
                     contentType: 'application/xml; charset=utf-8',
                     url: 'https://XXXXXX.opr.test.abc.org/vmrest/mailbox?method=requestnotification',
                     data: '{}',
                     dataType: 'text',
                     username: 'XXXX',
                     password:'XXXXXXXX',
                     xhrFields: {
                          withCredentials: true
                     },
                    beforeSend: function (req){
                             req.setRequestHeader('Access-Control-Allow-Origin', '*');
                     },
                     success: function(subscriptionId) {
                             gSubscriptionId = subscriptionId;
                             alert('Requested events for mailbox, subscriptionId=' + subscriptionId);
                     },
                     complete: function(jqXHR, textStatus) {
                                alert('complete: ' + textStatus +  '  responseText: ' + jqXHR.responseText);
                     }
            });   
        }
    Thanks!
    Amit