I have a sharepoint online site were I'm using announcements. These announcements I would like to consume in a Cordova app and also on a HTML5 site that I have on some info screens.
I have been looking into using the REST service and app for sharepoint.
Example:
var requestUri = 'https://site.sharepoint.com/_api/web/lists(guid\'someGuid')/items';
var requestHeaders = { 'accept': 'application/json;odata=verbose' };
$.ajax(
{
url: requestUri,
contentType: 'application/json;odata=verbose',
headers: requestHeaders,
success: function (response){
console.log(response);
},
error: function(error) {
console.log(error);
}
});
When I run this I get the:
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.
I know I can look into trying to enable CORS on sharepoint, or use JSONP.
I was wondering if the path I'm going down here are the correct path or would it be better to create my own WebService and get the data through that?
Any better ways?
thanks
If your Sharepoint online is connected with Azure AD, then you can use Azure AD application access sharepoint REST API with CORS enabled. Follow the steps at https://msdn.microsoft.com/en-us/office/office365/howto/create-web-apps-using-CORS-to-access-files-in-Office-365
Related
I have just followed the steps which were given in the Jenkins website. Now I can login into Jenkins using http://localhost:8080
When I use http://localhost:8080/api/json?pretty=true I can get JSON response from my localhost server. But when I try to get the data to a html page i.e., when I use url http://localhost:1234/foldername/file.html I'm unable to get the data using AJAX call. Below is the code I'm using for AJAX Call
$.ajax({
type: 'GET',
url: 'http://localhost:8080/api/json?pretty=true',
dataType: 'json',
//whatever you need
beforeSend: function (xhr) {
xhr.setRequestHeader('Authorization', make_base_auth('admin', 'admin'));
},
success: function (data){
alert(data);
}
});
function make_base_auth(user, password) {
var tok = user + ':' + password;
var hash = btoa(tok);
return 'Basic ' + hash;
}
I'm getting an authentication error.
From my understanding of the documentation, Jenkins recommends using your user's API key provided via HTTP Basic Authentication, not its password.
Modern jQuery (1.5 or later) also has added a headers field to the options for jQuery.ajax()
headers: {'Authorization': 'Basic ' + btoa('username:apitoken')}
However, what you describe here should do fine without these suggestions.
My assumption is that you are running into the Same-origin policy since your client is based in a browser document, from a different origin (different port) than your Jenkins server runs on. You will need to add CORS headers on your Jenkins server allowing your page's domain access to Jenkins resources, or have both Jekins API + your client page hosted from a single origin.
For your example here, you could use the CORS Filter Plugin and would need to add headers at least as permissive as follows:
Access-Control-Allow-Origins: http://localhost:1234
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Headers: Authorization
In production, you could either use a single origin, or update the list of origins to include wherever your dashboard lives in production, or if you're confident about Same-origin problems, * as a wildcard for any origin.
I am using jQuery ajax to send request to some API. Due to the CORS policy I got a CORS error on the browser's console
Here's by code
$.ajax({
url: sendHere,//api url
type: 'GET',
contentType: 'text/plain',
crossDomain: true,
beforeSend: function(xhr){
xhr.withCredentials = true;
},
}).done(function (result) {
console.log(result);
}).error(function (err) {
//console.log(err);
});
Error
'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.mywebsite.com' is therefore not allowed access.
I tried to solve this problem by installing a chrome extension to enable allow cross origin request. This extension somehow solved my problem and got a response from the api. But installing an extension is not good.
I also tried to make the request with JSONP(dataType:'jsonp') but the response given by the api is not in json format, it is string so it gives an error.
Code with JSONP
$.ajax({
url: sendHere,//api url
type: 'GET',
crossDomain: true,
dataType:'jsonp',
}).done(function (result) {
console.log(result);
}).error(function (err) {
//console.log(err);
});
Uncaught ReferenceError: E0002 is not defined
where "E0002" is the response string from the api
!!!PLEASE HELP!!!
There are 2 situations -
If you have control over the api code then
make changes in header and add your origin as well.
If you don't have control to change CORS header that is coming from
the api
you have only one option create a backend code(your own api) in any language you prefer that make an http request and get the data. now use your own api to get data on your frontend.
The cors error is cross origin request policy maintained by the browser for security.
To solve your problem either you will have to allow cors request in your server coding or if you do not have access to the server api code you will have to make the api call from your server to api server
It could be I have completely misunderstood how web services work.
So there's a webservice I want to access through a javascript file sitting in a folder on my desktop. The server I am trying to access has not set a CORS header, so I have some trouble just using regular ol' ajax.
And frankly I am not sure where to go from here.
$.ajax({
type:"get",
crossdomain: "true",
url: "https://name", //actual name redacted from this question
success: function(data){
console.log(data);
}
});
A regular get like this will print the following in firefox's console.
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://ws.zooom.no/v1/channels. (Reason: CORS header 'Access-Control-Allow-Origin' missing).
I got a hint from the task giver that I need to set the following in my "hosts file"
#127.0.0.1 www.domainname.com
Which confuses me. I have little to no experiences hosting anything, but does this hint that I need to maybe virtually host my "webpage" to access the webservice? It probably doesn't help to say I feel at a loss here.
So the bad news is that unless the 3rd party service either allows cross-domain requests (this is a configuration on that 3rd party server), or allows JSONP requests, you really have no option to access this service using a browser and javascript.
You could perhaps build your own service to proxy requests to that third party service. This would give you control over domain, CORS, JSONP, etc.
I found a solution.
Using something called "JSONP" that I had never heard of until now, i wrote a request like this
$.ajax({
type: 'GET',
url: "https://DOMAINNAME.com",
contentType: "application/json",
dataType: 'jsonp',
success: function(data) {
console.log(data)
},
error: function(e) {
console.log(e.message);
}
});
This somehow completely negated the CORS problems
Before I start, I'd like to say sorry for my English, it's not my native language.
I'm trying to setup OAuth2 for GitHub authorization.
I stucked at the step, where I should send POST request to github and receive access token. The problem is that when I send POST request my browser automatically downloads file with access token. Since I can't open this file with javascript, I'm trying to get json as response.
In the documentation it's written that I can change accept header and receive json, but I can't write correct POST request.
I've already tried a lot of things, like this:
$.ajax({
method: "POST",
url: "https://github.com/login/oauth/access_token",
dataType: "application/json"
});
or
$.ajax({
url: 'https://github.com/login/oauth/access_token',
headers: {
Accept : "application/json",
}
data: "data",
success : function(response) {
console.log(response);
} })
etc
But I get this error:
XMLHttpRequest cannot load github.com/login/oauth/access_token. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://braga.fedyunin.com.ua' is therefore not allowed access. The response had HTTP status code 404.
Can't find any useful information in google, so I had to register here. Thanks for help.
Read https://developer.github.com/v3/ in section: Cross Origin Resource Sharing
I tried the same thing, but also failed due to the lack of the Access-Control-Allow-Origin header in the response from GitHub API. I contacted GitHub support and found out what was going wrong.
It doesn't work because you are attempting to use OAuth from a web application, which GitHub API does not support. When you authenticate this way, your client_id and client_secret must be in the web page somewhere and sent with the POST request. The entire request, including your client_secret, can be viewed with Firebug or a similar tool. Because it's a bad idea to expose your client_secret, GitHub API will not return the Access-Control-Allow-Origin header, thus preventing you from retrieving the token.
You must issue the POST from the server side and get the token that way. When you do that, the client_secret is on your server, not in people's browsers.
The Ajax request from your site to github.com fails because browsers follow the same origin policy for xhr requests. This means that an xhr request can only be made for a resource on the same origin.
To allow for cross origin requests, the server needs to Whitlelist domains that can access a particular resource.
In your case, to do this, you need to register your site as an application on your github account, by entering the details here:https://github.com/settings/applications/new
I'm developing chrome extension and I want to get HTML content from URL, and I have a code as below:
function getContentHTML() {
var theUrl = 'http://tuoitre.vn/The-gioi/620269/my-cong-bo-anh-ve-tinh-nga-ban-ten-lua-vao-ukraine.html';
$.ajax({
url: theUrl,
crossDomain: true,
dataType: "html",
type: "GET",
success: function (data) {
document.write(data);
}
});
}
My problem is: Some website I can get HTML content but some website I can not get HTML content and show error is "Access-Control-Allow-Origin". I'm also follow in google but I can not solved.
This means that the site doesn't allow your page's origin to query its content via ajax. This is disallowed by default because of the Same Origin Policy, but can be enabled by the site owner via Cross Origin Resource Sharing.
If the site doesn't allow your origin to access it, you cannot solve it client-side. You'd have to do something like query the information from your server (which would in turn use server-side code to query it from the other site, and then return it to you).
there are sites on which server will not accept requests from third-party domains. This problem has no solution.