none
Service does not allow a cross domain request

    Question

  • Hi, when I try to run the samples (hosted in IIS Express) and access the developer sandbox, I get the following error:

    Service does not allow a cross domain request from this origin.

    Screenshot: http://i.imgur.com/xRILrUf.png


    • Edited by kpko Tuesday, March 5, 2013 2:15 PM
    Tuesday, March 5, 2013 2:09 PM

Answers

  • Hmmm it seems the last GET request to https://lyncdiscover.contoso.com with X-Ms-Origin: http://localhost is not working as expected.  Above you stated that your cross-domain auth list ha http://localhost:9999.  Can you check in IIS and confirm that you are indeed hosting it on port 9999?  In the interim you could add http://localhost (no port) to the cross-domain auth list.

    Once you have added that domain check out this Fiddler2 trace I have made:

    Whitelist tester

    If you open that trace and drag the second request into the Composer tab and modify the request to https//lyncdiscover.contoso.com/ and change the X-Ms-Origin to the values you expect your cross-domain list to support it will be possible to test quickly.

    If you do need to post network traffic I suggest finding something like dropbox/skydrive and host the Fiddler2 trace.

    • Edited by ShelbyZ Monday, March 11, 2013 2:09 PM extra info
    • Proposed as answer by GS Ryu Tuesday, March 12, 2013 4:55 AM
    • Marked as answer by Kai Strandskov [Msft] Tuesday, March 19, 2013 8:06 PM
    Monday, March 11, 2013 2:07 PM

All replies

  • Try to bring up Developer Tools (F12), Clear the Browser Cache (ctrl+R), go to the Network tab and 'Start Capturing'.  At this point reload the site and watch the traffic with a particular interest on the tail end of it, should be a series of GET(s) / POST(s) on https://ocsrp.gotuc.net/... and what you are looking for is the 'Request Headers'.  Let me know what you are seeing as 'X-Ms-Origin'.

    One other thing you can try is removing the port number from localhost to see if that might be the issue (long shot...).


    • Edited by ShelbyZ Thursday, March 7, 2013 1:00 PM
    Tuesday, March 5, 2013 2:34 PM
  • Hi.

    Request:
    GET / HTTP/1.1
    Accept application/json
    X-Ms-Origin http://localhost:58598
    X-Requested-With XMLHttpRequest
    Referer https://lyncdiscover.gotuc.net/xframe
    Accept-Language de-DE
    Accept-Encoding gzip, deflate
    User-Agent Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
    Host lyncdiscover.gotuc.net
    DNT 1
    Connection Keep-Alive

    Response:

    Schlüssel Wert
    HTTP/1.1 403 Forbidden
    Connection Keep-Alive
    Date Tue, 05 Mar 2013 15:37:30 GMT
    Content-Type text/html
    Server Microsoft-IIS/8.0
    Cache-Control no-cache
    X-Ms-diagnostics 28070;source="FE01.corp.gotuc.net";reason="Service does not allow a cross domain request from this origin."
    X-MS-Server-Fqdn FE01.corp.gotuc.net
    X-Powered-By ASP.NET
    X-Content-Type-Options nosniff

    Tuesday, March 5, 2013 3:39 PM
  • So this issue is the the Lync Server (gotuc.net) has whitelisted http://localhost and not http://localhost:58598.  See if you can browse to http://localhost/ on your machine to access the samples.

    This would be assuming you do not have any other hosting services on your machine.  Locally on my machine it is hosted on port 80 (as I have nothing else being hosted) and I can access my site at: http://localhost/samples/index.html (or http://localhost/samples).

    Tuesday, March 5, 2013 3:51 PM
  • Hi!

    Thank you. Indeed port 80 fixed it. Now the sandbox environment works as expected, but my own environment doesn't work. I get the same error as in http://social.msdn.microsoft.com/Forums/nl-BE/ucwebapi/thread/34a2a032-d592-4e28-85e1-b5af1824d843

    Tuesday, March 5, 2013 4:49 PM
  • The issue you may be seeing could be related to not white-listing your system in your own Lync Server environment.  Documentation was just recently updated to include how to white-list: Configuration.

    At the point when your system is on the allowed list you might be in a better position to start debugging subsequent issues.

    Tuesday, March 5, 2013 8:13 PM
  • After that white-list Configuration and I set my origin domain "localhost" in there, But still cross domain request not allowed message shows.
    Wednesday, March 6, 2013 4:22 AM
  • Can you confirm what you are seeing as a result of running:

    Get-CsWebServiceConfiguration | select CrossDomainAuthorizationList

    And if you have a chance can you view the network traffic as described above (F12 Developer Tools -> Network Tab -> Start Capturing) and post the Request Headers for the failed response?

    Wednesday, March 6, 2013 1:06 PM
  • http://localhost:9999 and http://localhost are in the list.

    Request Header follows

    Key Value
    Request GET / HTTP/1.1
    X-Ms-Origin http://localhost:9999
    Accept application/json
    X-Requested-With XMLHttpRequest
    Referer https://lyncdiscover.contoso.com/xframe
    Accept-Language ko-KR
    Accept-Encoding gzip, deflate
    User-Agent Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
    Host lyncdiscover.contoso.com
    Connection Keep-Alive

    Thursday, March 7, 2013 5:24 AM
  • CrossDomainAuthorizationList List

    PS C:\Program Files\Microsoft Lync Server 2013\Deployment> (Get-CsWebServiceConfiguration | select C rossDomainAuthorizationList).CrossDomainAuthorizationList

    Url : http://portal.localhost.local

    Url : http://msg.localhost.local

    Url : http://localhost

    Url : http://ucwasample.contoso.com

    Url : http://localhost:9999

    • Edited by GS Ryu Thursday, March 7, 2013 5:33 AM
    Thursday, March 7, 2013 5:32 AM
  • Try to bring up Developer Tools (F12), Clear the Browser Cache (ctrl+R), go to the Network tab and 'Start Capturing'.  At this point reload the site and watch the traffic with a particular interest on the tail end of it, should be a series of GET(s) / POST(s) on your hosted domain and what you are looking for is the 'Request Headers'.  Let me know what you are seeing as 'X-Ms-Origin'.
    Thursday, March 7, 2013 1:01 PM
  • As i posted my traffic. X-Ms-Origin value is set to Cross domain Auth list "http://localhost:9999"

    "X-Ms-Origin http://localhost:9999"

    btw I tried remove X-Ms-Origin header xframe.js files then it works well like Beta.

            request.beforeSend = function(xhr) {
                //xhr.setRequestHeader('X-Ms-Origin', origin);
            }


    Friday, March 8, 2013 2:12 AM
  • By modifying XFrame.js you are removing the use of the white-list while it may be okay for a testing/development environment it is not advised for production.  I must have missed the network traffic posted above.  If you can revert the change and restart IIS (iisreset) / Clear your browser cache and try again to see the results.

    If that still does not clear up the issue it may require capturing/posting a more detailed network trace with a tool such as Fiddler2.

    Friday, March 8, 2013 1:21 PM
  • Fiddler captured headers text follows.

    if you need full text include body then inform me how to attach file.

    GET http://localhost/ HTTP/1.1

    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: ko-KR
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
    Accept-Encoding: gzip, deflate
    Connection: Keep-Alive
    Host: localhost


    HTTP/1.1 200 OK
    Content-Type: text/html
    Last-Modified: Sun, 03 Mar 2013 06:28:38 GMT
    Accept-Ranges: bytes
    ETag: "02ffb56d817ce1:0"
    Server: Microsoft-IIS/8.0
    Date: Mon, 11 Mar 2013 00:02:48 GMT
    Content-Length: 5741



    ------------------------------------------------------------------

    GET http://localhost/Styles.css HTTP/1.1
    Accept: text/css
    Referer: http://localhost/
    Accept-Language: ko-KR
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
    Accept-Encoding: gzip, deflate
    Host: localhost
    Connection: Keep-Alive


    HTTP/1.1 200 OK
    Content-Type: text/css
    Last-Modified: Thu, 28 Feb 2013 05:35:42 GMT
    Accept-Ranges: bytes
    ETag: "0cbb2727515ce1:0"
    Server: Microsoft-IIS/8.0
    Date: Mon, 11 Mar 2013 00:02:48 GMT
    Content-Length: 5379



    ------------------------------------------------------------------

    GET http://ajax.aspnetcdn.com/ajax/jquery.ui/1.8.20/themes/smoothness/jquery-ui.css HTTP/1.1
    Accept: text/css
    Referer: http://localhost/
    Accept-Language: ko-KR
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
    Accept-Encoding: gzip, deflate
    Host: ajax.aspnetcdn.com
    Connection: Keep-Alive


    HTTP/1.1 200 OK
    Cache-Control: public,max-age=31536000
    Content-Length: 33251
    Content-Type: text/css
    Accept-Ranges: bytes
    ETag: "64e761c14a34cd1:0"
    Vary: Accept-Encoding
    Server: Microsoft-IIS/8.0
    P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
    VTag: 791284942500000000
    X-Powered-By: ASP.NET
    X-Powered-By: ARR/2.5
    X-Powered-By: ASP.NET
    Age: 3713267
    Date: Mon, 11 Mar 2013 00:02:50 GMT
    Last-Modified: Thu, 17 May 2012 16:33:14 GMT
    Expires: Mon, 27 Jan 2014 00:35:03 GMT
    Connection: keep-alive



    ------------------------------------------------------------------

    GET http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.6.2.min.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: http://localhost/
    Accept-Language: ko-KR
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
    Accept-Encoding: gzip, deflate
    Host: ajax.aspnetcdn.com
    Connection: Keep-Alive


    HTTP/1.1 200 OK
    Cache-Control: public,max-age=31536000
    Content-Length: 91556
    Content-Type: application/x-javascript
    Accept-Ranges: bytes
    ETag: "8071f84c5537cc1:0"
    Vary: Accept-Encoding
    Server: Microsoft-IIS/8.0
    P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
    VTag: 791164633200000000
    X-Powered-By: ASP.NET
    X-Powered-By: ARR/2.5
    X-Powered-By: ASP.NET
    Age: 5489475
    Date: Mon, 11 Mar 2013 00:02:50 GMT
    Last-Modified: Thu, 30 Jun 2011 18:41:19 GMT
    Expires: Mon, 06 Jan 2014 11:11:35 GMT
    Connection: keep-alive



    ------------------------------------------------------------------

    GET http://ajax.aspnetcdn.com/ajax/jquery.ui/1.8.11/jquery-ui.min.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: http://localhost/
    Accept-Language: ko-KR
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
    Accept-Encoding: gzip, deflate
    Host: ajax.aspnetcdn.com
    Connection: Keep-Alive


    HTTP/1.1 200 OK
    Cache-Control: public,max-age=31536000
    Content-Type: application/x-javascript
    Accept-Ranges: bytes
    ETag: "0f01c6c6ce3cb1:0"
    Vary: Accept-Encoding
    Server: Microsoft-IIS/8.0
    P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
    VTag: 279879933200000000
    X-Powered-By: ASP.NET
    X-Powered-By: ARR/2.5
    X-Powered-By: ASP.NET
    Content-Length: 199641
    Age: 5489657
    Date: Mon, 11 Mar 2013 00:02:50 GMT
    Last-Modified: Tue, 15 Mar 2011 23:55:12 GMT
    Expires: Mon, 06 Jan 2014 11:08:33 GMT
    Connection: keep-alive



    ------------------------------------------------------------------

    GET http://ajax.aspnetcdn.com/ajax/jquery.templates/beta1/jquery.tmpl.min.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: http://localhost/
    Accept-Language: ko-KR
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
    Accept-Encoding: gzip, deflate
    Host: ajax.aspnetcdn.com
    Connection: Keep-Alive


    HTTP/1.1 200 OK
    Cache-Control: public,max-age=31536000
    Content-Length: 6007
    Content-Type: application/x-javascript
    Accept-Ranges: bytes
    ETag: "191d88a41e64cb1:0"
    Vary: Accept-Encoding
    Server: Microsoft-IIS/8.0
    P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
    VTag: 279312832400000000
    X-Powered-By: ASP.NET
    X-Powered-By: ARR/2.5
    X-Powered-By: ASP.NET
    Age: 5489589
    Date: Mon, 11 Mar 2013 00:02:50 GMT
    Last-Modified: Mon, 04 Oct 2010 23:48:28 GMT
    Expires: Mon, 06 Jan 2014 11:09:41 GMT
    Connection: keep-alive



    ------------------------------------------------------------------

    GET http://localhost/scripts/Site.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: http://localhost/
    Accept-Language: ko-KR
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
    Accept-Encoding: gzip, deflate
    Host: localhost
    Connection: Keep-Alive


    HTTP/1.1 200 OK
    Content-Type: application/javascript
    Last-Modified: Sun, 03 Mar 2013 10:36:30 GMT
    Accept-Ranges: bytes
    ETag: "04b62f7fa17ce1:0"
    Server: Microsoft-IIS/8.0
    Date: Mon, 11 Mar 2013 00:02:50 GMT
    Content-Length: 5063



    ------------------------------------------------------------------

    GET http://localhost/scripts/GeneralHelper.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: http://localhost/
    Accept-Language: ko-KR
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
    Accept-Encoding: gzip, deflate
    Host: localhost
    Connection: Keep-Alive


    HTTP/1.1 200 OK
    Content-Type: application/javascript
    Last-Modified: Sun, 03 Mar 2013 10:36:28 GMT
    Accept-Ranges: bytes
    ETag: "01e31f6fa17ce1:0"
    Server: Microsoft-IIS/8.0
    Date: Mon, 11 Mar 2013 00:02:50 GMT
    Content-Length: 4586



    ------------------------------------------------------------------

    GET http://localhost/scripts/Cache.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: http://localhost/
    Accept-Language: ko-KR
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
    Accept-Encoding: gzip, deflate
    Host: localhost
    Connection: Keep-Alive


    HTTP/1.1 200 OK
    Content-Type: application/javascript
    Last-Modified: Sun, 03 Mar 2013 10:36:28 GMT
    Accept-Ranges: bytes
    ETag: "01e31f6fa17ce1:0"
    Server: Microsoft-IIS/8.0
    Date: Mon, 11 Mar 2013 00:02:50 GMT
    Content-Length: 10984



    ------------------------------------------------------------------

    GET http://localhost/scripts/Transport.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: http://localhost/
    Accept-Language: ko-KR
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
    Accept-Encoding: gzip, deflate
    Host: localhost
    Connection: Keep-Alive


    HTTP/1.1 200 OK
    Content-Type: application/javascript
    Last-Modified: Sun, 03 Mar 2013 10:36:30 GMT
    Accept-Ranges: bytes
    ETag: "04b62f7fa17ce1:0"
    Server: Microsoft-IIS/8.0
    Date: Mon, 11 Mar 2013 00:02:50 GMT
    Content-Length: 22273



    ------------------------------------------------------------------

    GET http://localhost/scripts/UcwaMain.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: http://localhost/
    Accept-Language: ko-KR
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
    Accept-Encoding: gzip, deflate
    Host: localhost
    Connection: Keep-Alive


    HTTP/1.1 200 OK
    Content-Type: application/javascript
    Last-Modified: Sun, 03 Mar 2013 10:36:30 GMT
    Accept-Ranges: bytes
    ETag: "04b62f7fa17ce1:0"
    Server: Microsoft-IIS/8.0
    Date: Mon, 11 Mar 2013 00:02:50 GMT
    Content-Length: 1306



    ------------------------------------------------------------------

    GET http://localhost/scripts/Autodiscovery.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: http://localhost/
    Accept-Language: ko-KR
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
    Accept-Encoding: gzip, deflate
    Host: localhost
    Connection: Keep-Alive


    HTTP/1.1 200 OK
    Content-Type: application/javascript
    Last-Modified: Sun, 03 Mar 2013 10:36:28 GMT
    Accept-Ranges: bytes
    ETag: "01e31f6fa17ce1:0"
    Server: Microsoft-IIS/8.0
    Date: Mon, 11 Mar 2013 00:02:50 GMT
    Content-Length: 6490



    ------------------------------------------------------------------

    GET http://localhost/scripts/Authentication.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: http://localhost/
    Accept-Language: ko-KR
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
    Accept-Encoding: gzip, deflate
    Host: localhost
    Connection: Keep-Alive


    HTTP/1.1 200 OK
    Content-Type: application/javascript
    Last-Modified: Thu, 07 Mar 2013 07:04:50 GMT
    Accept-Ranges: bytes
    ETag: "23fd4df21bce1:0"
    Server: Microsoft-IIS/8.0
    Date: Mon, 11 Mar 2013 00:02:50 GMT
    Content-Length: 23964



    ------------------------------------------------------------------

    GET http://localhost/scripts/Events.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: http://localhost/
    Accept-Language: ko-KR
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
    Accept-Encoding: gzip, deflate
    Host: localhost
    Connection: Keep-Alive


    HTTP/1.1 200 OK
    Content-Type: application/javascript
    Last-Modified: Sun, 03 Mar 2013 10:36:28 GMT
    Accept-Ranges: bytes
    ETag: "01e31f6fa17ce1:0"
    Server: Microsoft-IIS/8.0
    Date: Mon, 11 Mar 2013 00:02:50 GMT
    Content-Length: 10347



    ------------------------------------------------------------------

    GET http://localhost/scripts/Mime.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: http://localhost/
    Accept-Language: ko-KR
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
    Accept-Encoding: gzip, deflate
    Host: localhost
    Connection: Keep-Alive


    HTTP/1.1 200 OK
    Content-Type: application/javascript
    Last-Modified: Sun, 03 Mar 2013 10:36:30 GMT
    Accept-Ranges: bytes
    ETag: "04b62f7fa17ce1:0"
    Server: Microsoft-IIS/8.0
    Date: Mon, 11 Mar 2013 00:02:50 GMT
    Content-Length: 8778



    ------------------------------------------------------------------

    GET http://localhost/scripts/Index.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: http://localhost/
    Accept-Language: ko-KR
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
    Accept-Encoding: gzip, deflate
    Host: localhost
    Connection: Keep-Alive


    HTTP/1.1 200 OK
    Content-Type: application/javascript
    Last-Modified: Sun, 03 Mar 2013 10:36:30 GMT
    Accept-Ranges: bytes
    ETag: "04b62f7fa17ce1:0"
    Server: Microsoft-IIS/8.0
    Date: Mon, 11 Mar 2013 00:02:50 GMT
    Content-Length: 4142



    ------------------------------------------------------------------

    GET http://localhost/scripts/Batch.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: http://localhost/
    Accept-Language: ko-KR
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
    Accept-Encoding: gzip, deflate
    Host: localhost
    Connection: Keep-Alive


    HTTP/1.1 200 OK
    Content-Type: application/javascript
    Last-Modified: Sun, 03 Mar 2013 10:36:28 GMT
    Accept-Ranges: bytes
    ETag: "01e31f6fa17ce1:0"
    Server: Microsoft-IIS/8.0
    Date: Mon, 11 Mar 2013 00:02:50 GMT
    Content-Length: 12782



    ------------------------------------------------------------------

    GET http://localhost/scripts/OperationResource.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: http://localhost/
    Accept-Language: ko-KR
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
    Accept-Encoding: gzip, deflate
    Host: localhost
    Connection: Keep-Alive


    HTTP/1.1 200 OK
    Content-Type: application/javascript
    Last-Modified: Sun, 03 Mar 2013 10:36:30 GMT
    Accept-Ranges: bytes
    ETag: "04b62f7fa17ce1:0"
    Server: Microsoft-IIS/8.0
    Date: Mon, 11 Mar 2013 00:02:50 GMT
    Content-Length: 4324



    ------------------------------------------------------------------

    GET http://localhost/images/ajax-loader.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Referer: http://localhost/
    Accept-Language: ko-KR
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
    Accept-Encoding: gzip, deflate
    Host: localhost
    Connection: Keep-Alive


    HTTP/1.1 200 OK
    Content-Type: image/gif
    Last-Modified: Mon, 09 Jul 2012 23:02:26 GMT
    Accept-Ranges: bytes
    ETag: "02d23e8265ecd1:0"
    Server: Microsoft-IIS/8.0
    Date: Mon, 11 Mar 2013 00:02:56 GMT
    Content-Length: 1924



    ------------------------------------------------------------------

    GET http://localhost/favicon.ico HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
    Host: localhost
    Connection: Keep-Alive


    HTTP/1.1 404 Not Found
    Cache-Control: private
    Content-Type: text/html; charset=utf-8
    Server: Microsoft-IIS/8.0
    Date: Mon, 11 Mar 2013 00:02:56 GMT
    Content-Length: 4866



    ------------------------------------------------------------------

    GET http://localhost/content-template.html HTTP/1.1
    X-Requested-With: XMLHttpRequest
    Accept: text/plain, */*; q=0.01
    Referer: http://localhost/
    Accept-Language: ko-KR
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
    Connection: Keep-Alive
    Host: localhost


    HTTP/1.1 200 OK
    Content-Type: text/html
    Last-Modified: Wed, 09 Jan 2013 02:44:38 GMT
    Accept-Ranges: bytes
    ETag: "02f394413eecd1:0"
    Server: Microsoft-IIS/8.0
    Date: Mon, 11 Mar 2013 00:02:56 GMT
    Content-Length: 2113



    ------------------------------------------------------------------

    CONNECT lyncdiscover.contoso.com:443 HTTP/1.0
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
    Connection: Keep-Alive
    Content-Length: 0
    Host: lyncdiscover.contoso.com
    Pragma: no-cache


    HTTP/1.0 200 Connection Established
    FiddlerGateway: Direct
    StartTime: 09:03:17.881
    Connection: close



    ------------------------------------------------------------------

    GET https://lyncdiscover.contoso.com/xframe HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Referer: http://localhost/
    Accept-Language: ko-KR
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
    Accept-Encoding: gzip, deflate
    Host: lyncdiscover.contoso.com
    Connection: Keep-Alive


    HTTP/1.1 200 OK
    Content-Type: text/html
    Last-Modified: Wed, 23 Jan 2013 15:11:16 GMT
    Accept-Ranges: bytes
    ETag: "02b2e37bf9cd1:0"
    Vary: Accept-Encoding
    Server: Microsoft-IIS/8.0
    X-MS-Server-Fqdn: W15-LYNC-SE1.Contoso.com
    X-Powered-By: ASP.NET
    X-Content-Type-Options: nosniff
    Date: Mon, 11 Mar 2013 00:01:28 GMT
    Content-Length: 377



    ------------------------------------------------------------------

    GET https://lyncdiscover.contoso.com/Autodiscover/XFrame/Scripts/jquery-1.7.2.min.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://lyncdiscover.contoso.com/xframe
    Accept-Language: ko-KR
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
    Accept-Encoding: gzip, deflate
    Host: lyncdiscover.contoso.com
    Connection: Keep-Alive


    HTTP/1.1 200 OK
    Content-Type: application/javascript
    Last-Modified: Wed, 23 Jan 2013 15:13:40 GMT
    Accept-Ranges: bytes
    ETag: "0aa86397cf9cd1:0"
    Vary: Accept-Encoding
    Server: Microsoft-IIS/8.0
    X-MS-Server-Fqdn: W15-LYNC-SE1.Contoso.com
    X-Powered-By: ASP.NET
    X-Content-Type-Options: nosniff
    Date: Mon, 11 Mar 2013 00:01:28 GMT
    Content-Length: 96488



    ------------------------------------------------------------------

    CONNECT lyncdiscover.contoso.com:443 HTTP/1.0
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
    Connection: Keep-Alive
    Content-Length: 0
    Host: lyncdiscover.contoso.com
    Pragma: no-cache


    HTTP/1.0 200 Connection Established
    FiddlerGateway: Direct
    StartTime: 09:03:18.921
    Connection: close



    ------------------------------------------------------------------

    GET https://lyncdiscover.contoso.com/Autodiscover/XFrame/Scripts/XFrame.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://lyncdiscover.contoso.com/xframe
    Accept-Language: ko-KR
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
    Accept-Encoding: gzip, deflate
    Host: lyncdiscover.contoso.com
    Connection: Keep-Alive


    HTTP/1.1 200 OK
    Content-Type: application/javascript
    Last-Modified: Sun, 10 Mar 2013 23:57:58 GMT
    Accept-Ranges: bytes
    ETag: "21fd1217eb1dce1:0"
    Vary: Accept-Encoding
    Server: Microsoft-IIS/8.0
    X-MS-Server-Fqdn: W15-LYNC-SE1.Contoso.com
    X-Powered-By: ASP.NET
    X-Content-Type-Options: nosniff
    Date: Mon, 11 Mar 2013 00:01:28 GMT
    Content-Length: 1161



    ------------------------------------------------------------------

    GET https://lyncdiscover.contoso.com/ HTTP/1.1
    X-Ms-Origin: http://localhost
    Accept: application/json
    X-Requested-With: XMLHttpRequest
    Referer: https://lyncdiscover.contoso.com/xframe
    Accept-Language: ko-KR
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
    Host: lyncdiscover.contoso.com
    Connection: Keep-Alive


    HTTP/1.1 403 Forbidden
    Content-Type: text/html
    Server: Microsoft-IIS/8.0
    X-Ms-diagnostics: 28070;source="W15-LYNC-SE1.Contoso.com";reason="Service does not allow a cross domain request from this origin."
    X-MS-Server-Fqdn: W15-LYNC-SE1.Contoso.com
    X-Powered-By: ASP.NET
    X-Content-Type-Options: nosniff
    Date: Mon, 11 Mar 2013 00:01:29 GMT
    Content-Length: 1233



    ------------------------------------------------------------------

    Monday, March 11, 2013 12:15 AM
  • Hmmm it seems the last GET request to https://lyncdiscover.contoso.com with X-Ms-Origin: http://localhost is not working as expected.  Above you stated that your cross-domain auth list ha http://localhost:9999.  Can you check in IIS and confirm that you are indeed hosting it on port 9999?  In the interim you could add http://localhost (no port) to the cross-domain auth list.

    Once you have added that domain check out this Fiddler2 trace I have made:

    Whitelist tester

    If you open that trace and drag the second request into the Composer tab and modify the request to https//lyncdiscover.contoso.com/ and change the X-Ms-Origin to the values you expect your cross-domain list to support it will be possible to test quickly.

    If you do need to post network traffic I suggest finding something like dropbox/skydrive and host the Fiddler2 trace.

    • Edited by ShelbyZ Monday, March 11, 2013 2:09 PM extra info
    • Proposed as answer by GS Ryu Tuesday, March 12, 2013 4:55 AM
    • Marked as answer by Kai Strandskov [Msft] Tuesday, March 19, 2013 8:06 PM
    Monday, March 11, 2013 2:07 PM
  • Hey Lync Team and Community, thanks for your support first.

    I got same the same issue but cannot upload neither img or link to provide evidences; let me know next step.

    I'm using the Lync TAP virtual environment on Hyper-V (on Windows 8) with CU1 installed and bootstrapped and whitelisted accordingly, but it doesn't seem to work...

    Let me know,

    Best regards,

    Claudio


    Friday, March 22, 2013 11:09 PM
  • I'm also available for a Lync call to share my desktop and show the issue :-)
    Friday, March 22, 2013 11:11 PM
  • Any Lync mate available to help?.... I'm getting this same error from the W15-ts dev client included in the Lync 15 TAP set...

    I'm sure I'm missing something basic because everything else works including a Persistent chat PoC I have wrote in C# & WinForms...

    Thanks in advance for any help!

    Best regards,

    Claudio

    Tuesday, March 26, 2013 2:30 AM
  • White list config for Skype see https://ucwa.skype.com/documentation/ITAdmin-Configuration
    Tuesday, April 16, 2019 11:39 AM