0

Need help on sharepoint 2013 Rest API with Ajax Call.

I am trying to read the list items from publishing site to the team site. Both the sites are in different site collections.

The below code is worksfine in Internet explorer and not in Google chrome. 

$(document).ready(function() {
    $.support.cors = true;
    $.ajax({
        url:"http://icon.heart.com/WorkTools/Organization/Claim/_api/web/lists/getByTitle('Claims Links')/items?$top=200",
        type:"GET",
        headers:{"accept":"application/json;odata=verbose"},
        dataType: "json",
        success: function(data){ alert("pass")}
        error: function(Data){ alert ("Fail");}
    });  
});

The response had Http Status code 401. The error from the $.ajax request is

Failed to load resource : the server responded with a status of 401(unauthorized)

Error 2:

XML HttpRequest Cannot load No 'Access-control-Allow-Origin' header is present on the requested resource. Oringin 'url' is therefore not allowed access.

I don't have access to the servers. I need to try only with Script editor on SharePoint 2013 page.

jasonscript
  • 6,039
  • 3
  • 28
  • 43
Dhanasekaran G
  • 1
  • 4
  • What error is returned by Chrome/Firefox, and what version of IE are you using? – Daniel B Jul 20 '15 at 13:12
  • @Daniel -- error 1: Failed to load resource : the server responded with a status of 401(unauthorized) error 2: XML HTtpRequest Canot load No 'Access-control-Allow-Origin' header is present on the requested resource. Oringin 'url' is therefor not allowed access. The respinse had Http Status code 401 Unfortunately I dont have access to the servers. I have to fix this with OOB Controls. I am using Script editor in Sharepoint 2013 to run this !! Any idea ? – Dhanasekaran G Jul 21 '15 at 04:56

4 Answers4

1

Most likely it occurs since Chrome refuses to set a an Origin header for a CORS request. It won't even let you explicitly override the Origin header. Basically this causes the server to see Origin: null, which results in a 403 in most cases. IE/Firefox apparently has no such constraint.

As a workaround in case of SharePoint On-Premises you could set a custom header in web.config:

<customHeaders>
    <add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>

or specify explicitly domain:

<customHeaders>
    <add name="Access-Control-Allow-Origin" value="http://anotherintra.contoso.com" />
</customHeaders>
Vadim Gremyachev
  • 57,952
  • 20
  • 129
  • 193
  • Unfortunately I dont have access to the servers. I have to fix this with OOB Controls. I am using Script editor in Sharepoint 2013 to run this !! Any idea – Dhanasekaran G Jul 21 '15 at 04:48
0

using OOB scripts, it will not be fixed. the changes need to be done at server side as specified by Vadim Gremyachev. Also it might work in IE8 but in IE10 it will show you a security pop up asking for accessing data from other domain.

Anit
  • 174
  • 5
0
headers: {
           "Accept": "application/json; odata=verbose",
           "X-RequestDigest": $("#__REQUESTDIGEST").val()
         },

As explained in Work with __REQUESTDIGEST, some requests require to add the request digest. Even, if this is a get request and the explanation on the ms pages is for "non-GET" requests, it solved some unauthorized issues with my api SP GET calls too.

Community
  • 1
  • 1
Roman Liebl
  • 1
  • 2
  • 1
    Thank you for this code snippet, which might provide some limited short-term help. A proper explanation [would greatly improve](https://meta.stackexchange.com/questions/114762/explaining-entirely-code-based-answers) its long-term value by showing why this is a good solution to the problem and would make it more useful to future readers with other, similar questions. Please edit your answer to add some explanation, including the assumptions you've made – Shawn C. Jun 07 '18 at 17:22
0

It is possible the reason IE works and Chrome does not is due to how the respective browsers handle your credentials. To provide your credentials in chrome add the following code to your $.ajax call.

xhrFields: {
 withCredentials: true
},

see

Joshua Rose
  • 370
  • 2
  • 10