how to add office365 credentials in get request to retrieve list items

Question

here is simple service function getting list items;

public readItems(webUrl: string, listName: string): ng.IPromise<IListItem[]> {
    const deferred: ng.IDeferred<IListItem[]> = this.$q.defer();

    this.$http({
      url: `${webUrl}/_api/web/lists/getbytitle('${listName}')/items`,
      method: 'GET',
      headers: {
        'Accept': 'application/json;odata=nometadata'
      }
    }).then((result: ng.IHttpPromiseCallbackArg<{ value: IListItem[] }>): void => {
      deferred.resolve(result.data.value);
    });
    return deferred.promise;
  }

I am to to see contents of list in browser using same url;

but in application response to this call;

how can I add required information that sharepoint needs to understand its authenticated request?

Answer 1

I'd not be surprised your JavaScript code runs from another domain than mod970274.sharepoint.com, thus resulting in a same-origin policy violation... and cross-domain calls being forbidden by default result in a 403 error, as the one you get...

Fortunately, with Office 365, there's now a way to workaround this policy by declaring an app in the Office 365 portal (the app declaration includes the domain name your JavaScript code is hosted at); calls from this app will then be allowed by the mean of "CORS".
Official info can be found here + a lot of other articles.