6

SITUATION:

  • Internal web site running off a web server.
  • SharePoint running off a different internal web server.
  • It's all internal, and all on the same company.com internal domain (different sub domains because they are accessed via SharePoint.company.com and internalWeb.company.com)

PROBLEM:

  • XMLHttpRequest cannot load http://SharePoint.company.com. Origin http://internalWeb.company.com is not allowed by Access-Control-Allow-Origin.

WHAT I WANT:

  • Use ajax and the JQuery load() function from my web sites running off the web server to call urls on the SharePoint server.

NOTE:

  • This seems like it should be possible to set the SharePoint server to allow cross origin requests by just setting the Access-Control-Allow-Origin, it's ALL INTERNAL and I can change the web.configs or IIS settings as I please
  • Is this possible? If so, where do I set it. I have read a lot on this and can't seem to get a clear answer.

CODE: (on my web page running on internalWeb.company.com)

$("#details").load("SharePoint.company.com/someDetails.html");

Thanks!

kralco626
  • 8,456
  • 38
  • 112
  • 169

1 Answers1

9

A quick fix could be to set a custom header in your SharePoint web.config:

http://www.iis.net/configreference/system.webserver/httpprotocol/customheaders

<customHeaders>
    <add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>

Or for just that domain, try 

<customHeaders>
    <add name="Access-Control-Allow-Origin" value="http://internalWeb.company.com" />
</customHeaders>
Jason P
  • 26,984
  • 3
  • 31
  • 45
  • Does this have to go under a `location` tag? r just under the regular `system.webserver` section? – kralco626 Aug 09 '13 at 14:42
  • It can, I don't think it needs to. Here's an example with the location tag: http://stackoverflow.com/questions/13061524/how-to-set-access-control-allow-origin-on-particular-file-web-config – Jason P Aug 09 '13 at 14:44
  • Open your network tab, look at the xhr request, and see if the header is actually being returned. – Jason P Aug 09 '13 at 14:47
  • I don't see it in the Header, but isn't that the header that the web page is sending TO the second server? – kralco626 Aug 09 '13 at 14:50
  • The `Access-Control-Allow-Origin` header should be a _response_ header. – Jason P Aug 09 '13 at 15:00
  • I think I'm at the end of my knowledge on the subject without doing more research myself. I would recommend editing your question with your new information and adding a few tags related to web.config and asp.net, or asking a new question with the more specific info. – Jason P Aug 09 '13 at 15:15
  • OK, ignore my past few comments. I was putting it in the wrong place. I'm seeing the Header come back. However, now I'm getting a 401 error. Something I need to do to tell the ajax request to the user's windows credentials along? – kralco626 Aug 09 '13 at 15:20
  • Maybe you need something like this? http://stackoverflow.com/questions/1002179/how-can-i-pass-windows-authentication-to-webservice-using-jquery – Jason P Aug 09 '13 at 15:23
  • I had to add `` to my web.config and `xhrFields: { withCredentials: true }` to my ajax request. HOWEVER, using `*` for `Access-Control-Allow-Origin` you cannot use `withCredentials:true`. SOOOO I guess I have to specify the servers individually :) Thanks for your help. And of course, from what I'm reading, none of this will work with IE8/9 – kralco626 Aug 09 '13 at 15:27
  • No problem. I haven't used it, but there is a CORS support library for IE8 out there you might look into. – Jason P Aug 09 '13 at 15:34
  • So actually, this isn't really doing what I wanted. I had to use $.ajax rather than .load(), so now instead of loading the page into the div, I'm just getting the html back. I want to load it into the div. – kralco626 Aug 09 '13 at 15:54
  • `$.ajax(...).done(function(result) { $('#details').html(result); });` – Jason P Aug 09 '13 at 15:56
  • ya, i tried that, however, it gives me a bunch of errors because it can't load the css and javascript files etc. – kralco626 Aug 09 '13 at 16:54