SPFx Web Part - No 'Access-Control-Allow-Origin' header is present on the requested resource.
https://sharepoint.stackexchange.com/questions/240515
-
15-01-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
When attempting to access an Azure AD secured web API from a SharePoint framework web part, I get the following error:
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '[my O365 SharePoint URL here]' is therefore not allowed access.
However, the request for the same API works fine from test-cors. When I look at the headers, the 'Access-Control-Allow-Origin' appears in the test-cors response, but it does not exist in the response returned from the SPFx web part call.
But this is the same API being called in both cases, how can that be?
Solution
Apparently SPFx only allows one origin listed in an Azure AD secured web API. When we provided multiple origins, it appears to ignore the attribute completely and won't include it in the response at all. I don't know if this limitation carries over to other API's too, but either way it seems really short sighted.
