SharePoint listdata.svc receiving Response for preflight is invalid (redirect) with ADAL token
https://sharepoint.stackexchange.com/questions/174860
-
08-10-2020 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have an application that is hosted in Azure website which consumes information from within SharePoint.
Microsoft has provided the ADAL.js library to allow interface with Azure Active Directory and retrieve a token to Authenticate to SharePoint. it is up and working fine for the /_api endpoints but i have a need to use the /_vti_bin/listdata.svc.
If i make this call in Postman from my local computer using the ADAL token it returns the response data as expected.
/_vti_bin/Listdata.svc/LinkList?$select=Contract/ContractName,Contract/Manager/Name,Contract/ContentType,Contract/Attachments&$expand=Contract/Manager&$filter=ProjectId eq 1 and Contract ne null
However if i send the same call from the application I recieve the following error.
XMLHttpRequest cannot load https://[tenant].sharepoint.com/BMS2/_vti_bin/listdata.svc/LinkList?$select=Contract/ContractName,Contract/Manager/Name,Contract/ContentType,Contract/Attachments&$expand=Contract/Manager&$filter=ProjectId eq 1 and Contract ne null Response for preflight is invalid (redirect)
Solution 2
Unfortunately, I have found that listdata.svc doesn't support CORS.
Our solution was to create a WebAPI proxy that we ADAL to authenticate against. Then we pass the URL and Token to an endpoint and get the proxy to send the request on our behalf and return it to us.
The first call we made which needs to do the initial Authentication took a little longer than expected but each call after that is on par with making the call directly against the listdata.svc
OTHER TIPS
You would need to post your application code to get a more complete answer, but it's most likely the way you're setting up your headers in the request in relation to Cross Origin Resource Sharing (CORS). Your App would need to a header along the lines of this:
Response.AddHeader("Access-Control-Allow-Origin", "*");
And any AJAX calls requests would need to set the withCredential property to true in the XMLHttpRequest:
var cor = null; // cor stands for Cross-Origin request
if (window.XMLHttpRequest) {
cor = new XMLHttpRequest();
}
//else if (window.XDomainRequest) {
//cor = new XDomainRequest();
//}
else {
alert("Your browser does not support Cross-Origin request!");
return;
}
cor.onreadystatechange = function () {
if (cor.readyState == 4) {
document.getElementById('lbl').innerHTML = cor.responseText;
}
};
var data = 'Some fake data';
if (method == 'POST') {
cor.open('POST', 'https://[tenant].sharepoint.com/BMS2/_vti_bin/listdata.svc/LinkList', true);
cor.withCredential = "true";
cor.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
cor.send('Data=' + data);
}
else if (method == 'GET') {
cor.open('GET', 'https://[tenant].sharepoint.com/BMS2/_vti_bin/listdata.svc/LinkList?Data=' + data, true);
co
r.withCredential = "true";
cor.send(null);
}
Reference: http://www.codeproject.com/Articles/185506/AJAX-Cross-Origin-HTTP-request
