SharePoint CORS fix

This is possible fix for the a possible calls made from one application to your SharePoint side that is located in another domain.

In your SharePoint application add the following custom headers to enable requests from a different domain. Just change the header: Access-Control-Allow-Origin to point to the application who is making a call to your SharePoint application.

<system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name=”Access-Control-Allow-Credentials” value=”true” />
        <add name=”Access-Control-Allow-Origin” value=”http://source-application.com​&#8221; />
        <add name=”Access-Control-Request-Method” value=”GET,POST,HEAD,OPTIONS” />
      </customHeaders>
    </httpProtocol>​
</system.webServer>​

Also if you are making an AJAX call add the following parameter to the call:
xhrFields: { withCredentials: true }

 

Sample code:

jQuery.ajax({
 url: requestUri,
 type: 'GET',
 dataType: 'json',
 headers: requestHeaders,
 xhrFields: { withCredentials: true },
 success: function (data)
 { 

 },
 error: function ajaxError(response) {
 console.log(response.status + ' ' + response.statusText);
 }
 });

Other possible parameters for the AJAX call:

crossDomain: true
And for CORS support:
$.support.cors = true;

A bit more detail can be found here in this post:
https://blog.kenaro.com/2014/03/18/cross-site-scripting-with-sharepoint-2013-rest-calls/

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s