issue in making cross domain Ajax call to SharePoint 2016 REST service

sharepoint.stackexchange https://sharepoint.stackexchange.com/questions/272406

Question

To Fix issue in making cross domain Ajax call to SharePoint2016 REST service and

I dont want to set to the current specific (protocol + domain + port dynamically), because i need to accept by domain(mydomain.com) like the regular expression.

^(https?://(?:.+\.)?mywebsite\.com(?::\d{1,5})?)$

So,I used this technet.microsoft blog :blog from microsoft,on chrome and fireFox , I always get the error:

Multiple Access-Control-Allow-Origin headers are not allowed for CORS response.

So,on IIS, I follwed this : SharePoint 2016 ,403 forbidden error

end the error is :

chrome:

Access to XMLHttpRequest at 'https://dev1.mydomain.com/_api/web/AllProperties' from origin 'https://dev2.maydomain.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header has a value 'https://mydomain.com' that is not equal to the supplied origin.

IE: XMLHttpRequest: Network Error 0x80070005, Access is denied.

JS script :

function getOSSSiteTitle(siteUrl) {

    var url = siteUrl + "/_api/web/AllProperties";
        console.log(url);
         return executeJson(url).then(
             function (data) {
                 return siteTitle = data.d.sitetitlelabelkey

        });
}



function executeJson(url, method, headers, payload, xhrFields) {
    method = method || 'GET';
    headers = headers || {};
    headers["Accept"] = "application/json;odata=verbose";
    headers["Content-Type"] = "'application/json;odata=verbose'";    
    headers["crossDomain"] = "true";
    headers["credentials"] = "include";
    //headers["X-FORMS_BASED_AUTH_ACCEPTED"] = "f";


    if (method == "POST") {
        headers["X-RequestDigest"] = $("#__REQUESTDIGEST").val();
    }
    var ajaxOptions = {
        url: url,
        type: method,
        contentType: "application/json;odata=verbose",
        headers: headers
    };
    if (typeof payload != 'undefined') {
        ajaxOptions.data = JSON.stringify(payload);
    }
    return $.ajax(ajaxOptions);
}

WebConfig:

 <httpProtocol>
  <customHeaders>      
    <add name="X-Content-Type-Options" value="nosniff" />
    <add name="X-MS-InvokeApp" value="1; RequireReadOnly" />        
    <add name="Access-Control-Allow-Origin" value="https://mydomain.com" />
    <add name="Access-Control-Allow-Headers" value="Content-Type,Accept,X-FORMS_BASED_AUTH_ACCEPTED,crossDomain,credentials" />                                                     
    <add name="Access-Control-Allow-Methods" value="GET, POST, PATCH, DELETE, PUT, OPTIONS" />
    <add name="Access-Control-Allow-Credentials" value="true" />                
  </customHeaders>
</httpProtocol>

Note: -and i add the iis rewrite module like blog, -the public URL for the zone is added as https, the SP servers in IIS is binding for https port 443 and an SSL certificate.

Any idea ?

Was it helpful?

Solution

I want to share the solution with you , i followed this blog : Configure CORS for SharePoint 2016 (v 1.1) and changed the by by : ^(https?://.+\.mydomain.com(?::\d{1,5})?)$

Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange
scroll top