SharePoint CORS fix

This is possible fix for the a possible calls made from one application to your SharePoint side that is located in another domain.

In your SharePoint application add the following custom headers to enable requests from a different domain. Just change the header: Access-Control-Allow-Origin to point to the application who is making a call to your SharePoint application.

        <add name=”Access-Control-Allow-Credentials” value=”true” />
        <add name=”Access-Control-Allow-Origin” value=”​&#8221; />
        <add name=”Access-Control-Request-Method” value=”GET,POST,HEAD,OPTIONS” />

Also if you are making an AJAX call add the following parameter to the call:
xhrFields: { withCredentials: true }


Sample code:

 url: requestUri,
 type: 'GET',
 dataType: 'json',
 headers: requestHeaders,
 xhrFields: { withCredentials: true },
 success: function (data)

 error: function ajaxError(response) {
 console.log(response.status + ' ' + response.statusText);

Other possible parameters for the AJAX call:

crossDomain: true
And for CORS support:
$.support.cors = true;

A bit more detail can be found here in this post:


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s