Currently the RESTAPI doesn't respond to CORS (Cross Origin Request Sharing, see [1]) request sent by browsers. It should do so, and allow requests from a restricted and configurable set of origins. [1] http://www.w3.org/TR/cors/
https://fedorahosted.org/ovirt/ticket/287 and requested it in Fedora on bug #1186751
ok rhevm-backend-3.6.3.4-0.1.el6.noarch 1. all origins enabled OK CORSSupport: true version: general CORSAllowedOrigins: * version: general 2. specific url as origin OK CORSSupport: true version: general CORSAllowedOrigins: http://jb-rhevm36.example.com:8765 version: general 3. default (false + same origin having https) OK CORSSupport: false version: general CORSAllowedOrigins: version: general 4. default (false + origin not having https) FALSE this should fail, thus OK