Running any of the sample REST API calls for O365 works fine with the sand-boxed URLs and authorization headers.
However, substituting these URLs with my own is no-go.
XMLHttpRequest cannot load https://****-my.sharepoint.com/_api/v1.0/me/files. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://****:44301' is therefore not allowed access. The response had HTTP status code 403.
Is the issue due to cross-domain scripting?
Extra authorization that must be done on a "real" O365 endpoint as opposed to the sandboxed sample?
Are these libraries used from web context ? It sounds like it from the problem description. Please note that these libraries will only work from Cordova app context for now. http://microsoft.response.lithium.com/portal/conversation/1003718
Related
I have an application hosted in Azure server
I have a rest api for eg: http://localhost:8080/abc/bin , this api gives response in localhost.
BUT when I use http://mydevsite.com/abc/bin returns 404 , showing as cors error in browser console as below:
Access to XMLHttpRequest at 'http://mydevsite.com/abc/bin' from origin 'http://mysitee.com/abc/bin' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
and getting API response as below:
The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.
I was told that "bin" word cannot be used at all in the rest api, bcoz firewall blocks having reserve word "bin" in the api (hosted in Azure server).
So, am looking for workaround for above "bin" word in the api.
Any solution really exists? orelse there is no way to use word "bin" in the rest api, especially when the code hosted in Azure server.
I have a nodeJS express app, that serves front end app using React and also provides an API. The React app calls the backend API and as such there is no cross origin.
When I deploy this to Bluemix without SSO, everything works fine. When I deploy using SSO service I get error
Fetch API cannot load https://abcd-9bgrvudk1p-ct20.iam.ibmcloud.com/idaas/oidc/endpoint/default/authorize?response_type=code&client_id=Z4eSiL50dT&redirect_uri=https%3A%2F%2Fconsole-sso.mybluemix.net%2Fauth%2Fsso%2Fcallback&scope=openid%20openid.
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://console-sso.mybluemix.net' is therefore not allowed access. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
I tried calling the API directly and after SSO auth, it works fine, But when the API is invoked by the front end app, it returns the above error.
FYI, API target is https://console-sso.mybluemix.net/api/reports/daily-reports
I have followed the Single Sign On documentation
I tried adding CORS module and response headers to allow a CORS request but it did not work. I also tried adding * to SSO configuration to allow all origins but no luck. Any pointers would be great! Thanks
This will require Support to review. Please open a ticket with the BlueMix support team
I am using Azure DocumentDB with REST API and trying to call the API from HTML page using Ajax requests. But I found that authorization headers are not getting added in a request. After searching, a lot, I found that it may be a CORS issue. Same request works well when POSTMAN tool is used. Security header got set in this case.
You're correct! DocumentDB REST API can't be called using AJAX from the browser because of CORS and right now it is not possible to configure CORS settings for a DocumentDB account.
We followed this project and wired up our MVC application to use the new ADAL bit but we are seeing the following error when the token expires:
XMLHttpRequest cannot load https://login.windows.net/0bccafdb-3696-4344-3269-991d0a93be57/oauth2/autho…QzLTk5MWUtOGE5KRLTIFMYWE3MTliNjU1YMJTLENi00YWIzLTllNDQtYmVmZWU4ZWFjMjQ1. The request was redirected to 'https://login.microsoftonline.com/login.srf?wa=wsignin1.0&wtrealm=https%3a%…ZAEkNmNhNzFiYTUtZWZhOS00YjE0LWExYTYtZjQ5NjgwMzU5NzEz7Q2&wp=MBI_FED_SSL&id=', which is disallowed for cross-origin requests that require preflight.
Related: CORS preflight request responds with 302 redirect in Azure hosted Web API
That sample is not meant to be used with XMLHttpRequest. It is secured via a redirect based protocol, which in turn requires full browser postbacks for performing authentication operations. That protocol is not designed to work with Web API and AJAX calls, and although it can work for testing purposes production use will force you into hacks and other bad tactical measures.
If you want to make calls from JavaScript, please consider http://www.cloudidentity.com/blog/2015/02/19/introducing-adal-js-v1/.
I'm building a browser based application in Javascript. I've tried to access the docusign api via jQuery:
$.support.cors = true;
$.ajax({crossDomain:true, url:"https://demo.docusign.net/restapi/v2"})
I get the error:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://demo.docusign.net/restapi/v2?_=1407189114238. This can be fixed by moving the resource to the same domain or enabling CORS.
Accessing other APIs such as yahoo, totally works:
$.ajax({crossDomain:true, url:"https://query.yahooapis.com/v1/public/yql"})
Is there a special thing that I need to do for docusign api? Thanks. (Note: My examples here use blank queries to illustrate whether an api is accessible at all. The actual code uses real queries. This problem is not caused by not having a real query. You can see this yourself by pasting the above url into your browser and see that it returns some xml.)
DocuSign does not support CORS (Cross-Origin Resource Sharing) in its platform. There are too many potential security risks with CORS and for DocuSign to maintain its extremely high level of security and certification compliance it can not support CORS.