4

I have an MVC application deployed to Azure which was created as a SharePoint App Part (Provider-Hosted) for a SharePoint Online site. All Client ID and Secret ID are set correctly within SharePoint site and the Azure web Application.

The App does spin up from the SharePoint site but the JSOM logic is throwing a No 'Access-Control-Allow-Origin' header exception when it runs this simple JS logic...

<script type="text/javascript">
    var hostweburl;

    // Load the required SharePoint libraries.
    $(document).ready(function () {

        // Get the URI decoded URLs.
        hostweburl =
            decodeURIComponent(
                getQueryStringParameter("SPHostUrl")
        );

        // The js files are in a URL in the form:
        // web_url/_layouts/15/resource_file
        var scriptbase = hostweburl + "/_layouts/15/";

        // Load the js files and continue to
        // the execOperation function.
        $.getScript(scriptbase + "SP.Runtime.js",
            function () {
                $.getScript(scriptbase + "SP.js", execOperation);
            }
        );
    });

    // Function to execute basic operations.
    function execOperation() {

        // Continue your program flow here.
        hostweburl =
           decodeURIComponent(
               getQueryStringParameter("SPHostUrl")
       );
        retrieveWebSite(hostweburl);

    }

    // Function to retrieve a query string value.
    // For production purposes you may want to use
    // a library to handle the query string.
    function getQueryStringParameter(paramToRetrieve) {
        var params =
            document.URL.split("?")[1].split("&");
        var strParams = "";
        for (var i = 0; i < params.length; i = i + 1) {
            var singleParam = params[i].split("=");
            if (singleParam[0] == paramToRetrieve)
                return singleParam[1];
        }
    }


    function retrieveWebSite(siteUrl) {
        var clientContext = new SP.ClientContext(siteUrl);
        this.oWebsite = clientContext.get_web();

        clientContext.load(this.oWebsite);

        clientContext.executeQueryAsync(
            Function.createDelegate(this, this.onQuerySucceeded),
            Function.createDelegate(this, this.onQueryFailed)
        );
    }

    function onQuerySucceeded(sender, args) {
        alert('Title: ' + this.oWebsite.get_title() +
            ' Description: ' + this.oWebsite.get_description());
    }

    function onQueryFailed(sender, args) {
        alert('Request failed. ' + args.get_message() +
            '\n' + args.get_stackTrace());
    }

</script>

The exception occurs in the function retrieveWebSite when it attempts to obtain the Client Context for the site...

        var clientContext = new SP.ClientContext(siteUrl);

The exception is as follows ...

XMLHttpRequest cannot load https://mySharePointSiteName.sharepoint.com/sites/Apps/_api/contextinfo. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://myWebSiteName.azurewebsites.net' is therefore not allowed access.

I thought the whole IFrames stuff takes care of this?

user1333524
  • 463
  • 5
  • 17
  • https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS – epascarello Dec 02 '14 at 18:59
  • I am aware as to what CORS is about however this is not suppose to be an issue according to this post ..http://blogs.msdn.com/b/officeapps/archive/2012/11/29/solving-cross-domain-problems-in-apps-for-sharepoint.aspx – user1333524 Dec 02 '14 at 19:06
  • browser and are you going from http to https? – epascarello Dec 02 '14 at 19:12
  • Chromium (debugging Dart code) ... No, as you can see in the exception is between https to https – user1333524 Dec 02 '14 at 19:24
  • The error happens when this function is invoked .. SP.ClientRuntimeContext.prototype.executeQueryAsync [Line: 2, Col: 60472], SP.Runtime.js Exception occures wihtin AJAX, Access Denied – user1333524 Dec 02 '14 at 19:26
  • X-Forms_Based_Auth_Required: https://MySharePointSite.sharepoint.com/_forms/default.aspx?ReturnUrl=/_layouts/15/error.aspx&Source=%2f_vti_bin%2fclient.svc%2fcontextinfo X-Forms_Based_Auth_Return_Url: https://MySharePointSite.sharepoint.com/_layouts/15/error.aspx X-MSDAVEXT_Error: 917656; Access+denied. – user1333524 Dec 02 '14 at 23:15
  • X-FRAME-OPTIONS: SAMEORIGIN X-Powered-By: ASP.NET System.UnauthorizedAccessExceptionAccess denied. You do not have permission to perform this action or access this resource. – user1333524 Dec 02 '14 at 23:16

1 Answers1

1

You need to use the SP.RequestExecutor like so:

http://blogs.msdn.com/b/officeapps/archive/2012/11/29/solving-cross-domain-problems-in-apps-for-sharepoint.aspx

-Edit

Not sure anyone uses this method anymore but here's a new link:

https://learn.microsoft.com/en-us/archive/blogs/officeapps/solving-cross-domain-problems-in-apps-for-sharepoint

and here's the sample snip from the blog:

 // Load the cross-domain library. 
$(document).ready(function () { 
  var hostweburl; 
  var appweburl; 
  
  //Get the URI decoded URLs. 
  hostweburl = decodeURIComponent( getQueryStringParameter("SPHostUrl") ); 
  appweburl = decodeURIComponent( getQueryStringParameter("SPAppWebUrl") ); 
  
  // Load the .js files using jQuery's getScript function. 
  $.getScript(
    hostweburl + "/_layouts/15/SP.RequestExecutor.js",
    continueExecution
  );
  
  // After the cross-domain library is loaded, execution 
  // continues to this function. 
  function continueExecution() { 
    var executor; 
    
    // Initialize your RequestExecutor object. 
    executor = new SP.RequestExecutor(appweburl); 
    // You can issue requests here using the executeAsync method 
    // of the RequestExecutor object.
  } 
  
  // Function to retrieve a query string value.  
  function getQueryStringParameter(paramToRetrieve) {
    var params = document.URL.split("?")[1].split("&");
    var strParams = "";

    for (var i = 0; i < params.length; i = i + 1) {
      var singleParam = params[i].split("=");
      if (singleParam[0] == paramToRetrieve)
        return singleParam[1];
    }
  }
});

Have a great day!

joshbooker
  • 44
  • 2
  • 1
    Can you expand a little your answer? Near link-only answers are discouraged. – orique Dec 04 '14 at 15:46
  • Josh I love you Dude! That was exactly what I was missing. – user1333524 Dec 04 '14 at 19:22
  • 2
    @orique...that's one reason why I don't use SO .. too many difficult rules\moderators to make a nice community...it I didn't know the OP from another more friendly community forum, then I wouldn't be here at all...flag my answer if you wish, but I cannot provide any better detail that on the linked page. Have a great day! – joshbooker Dec 04 '14 at 19:35
  • joshbooker, orique was simply asking you to include detail from the link in the event that the link or the content in the link changes. – Peder Rice Apr 28 '16 at 16:34
  • link is broken.. this is why link only answers are discouraged – Abdul Hameed Feb 13 '20 at 13:50