How can we help you today?
Start a new topic

Remote Control Access-Control-Allow-Origin


Snom phones can't be remotely controlled via a webpage using the URLs provided here because the phone doesn't return an 'Access-Control-Allow-Origin' header so the XHR request isn't fulfilled by the browser.

Hi Ali,

yes, the phones at the moment doesn't provide the Access-Control-Allow-Origin header.

can you please better describe your use case and how you would like to fill such header ?



I'm building a support system for our Snom deployment where sometimes it is necessary to run a command on the phone itself. Mostly it's just to reboot the phone so it immediately downloads the new configs from the provisioning server but the plan is to add more features over time. I was able to get around the access control issue by issuing the request as a JSONP request which doesn't verify the header, but that's not a very clean way of doing it. Ideally, there should be a setting on the Snom to either allow all Origins "*", or to put in one or more permitted origins. If it's only 1, simply use that as the value for the header. A more advanced implementation could be if there's more than 1, compare the Origin sent on the request to the list, and if it's there, send that back. Otherwise, don't send the header which would block the request on the browser side.

Now I get your point, I guess the phone is configured to ask HTTP authentication then your browser cannot send HTTP requests containing the credentials because the absence of the Access-Control-Allow-Origin header.

I'll open a feature request to the development,

Thanks for your report,

@Pietro Bertera

Is there any progress on this or can we upvote the feature request?

Login or Signup to post a comment