Cross‐site access from a visitor browser is usually denied by the same origin policy implemented by the browser. Two resources are considered to be of the same origin if they share the same domain name, port number and protocol. However the HTML <script> element is able to perform content retrieval from foreign origins.

For request to the Call Setup API from a visitor browser, the origin of the Call Setup API will usually differ from that of the customer site that the visitor is visiting. Therefore we need to provide a workaround to the same origin policy.

JSONP (JSON with Padding) and CORS (Cross‐Origin Resource Sharing) provide two ways in which we can provide a workaround to the same origin policy. CORS is a more modern alternative to JSONP and is supported by more modern browsers. This will be supported by the Call API.

The Call API is expected to support any browser version with a market share of 2% or greater. This includes a number of browser versions that do not support CORS. This currently includes:

Level of support for CORS

Browser Version

None

IE7 and earlier

Firefox 3.0 and earlier

Safari 3.x and earlier

Opera 11 and earlier

Partial

IE8 and IE9

For browsers that do not support CORS, JSONP is supported as a fallback. JSONP does not support the POST or DELETE methods, so GET alternatives for the Start Call and End Call API methods have to be provided.

Once all supported browser versions support CORS, support for JSONP will be deprecated.


Copyright © 1997, 2016 Oracle and/or its affiliates. All rights reserved. Legal Notices