How to set headers in ajax call with jquery

Question

I need to call an Office 365 Rest API from my own application.

When I copy and paste the url on the same browser session, I can see some XML.

If I paste that URL into an incognito window I get this error:

The custom error module does not recognize this error.

I am trying to make an API call to get that response from my application, when checking with developer tools, how they call the service I can see this:

As you can see the API call has some request headers.

Google chrome has the functionality to copy that as a CURL request.

And this works for me:

curl "https://portal.office.com/api/myapps/GetAllApps" -H "AjaxSessionKey: wEAjKvw1WCmLD27I2TGqAuga25rq5HdKrdEOCOTXhfX4k6H3U/AQru+hPWfWSMX0hhQ++OFkm/FvKN+Z1moC1Q=="
-H "Accept-Encoding: gzip, deflate, sdch, br" -H "X-SuiteServiceProxyOrigin: https://outlook.office365.com" -H "Accept-Language: en-US,en;q=0.8" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36" -H "Content-Type: application/json;charset=UTF-8" -H "Accept: application/json" -H "Referer: https://portal.office.com/SuiteServiceProxy.aspx?upn=luis.valencia"%"40softwareestrategico.com&suiteServiceReturnUrl=https"%"3A"%"2F"%"2Foutlook.office365.com"%"2Fowa"%"2F&returnUrl=https"%"3A"%"2F"%"2Foutlook.office365.com"%"2Fowa"%"2F"
-H "Cookie: s.SessID=6bcb4983-767b-41b4-8bc9-03d5df23fab7; p.CachedJSFiles=16.00.1449.010:0x27F042160xD2810E3C0xF5EAFC860xA82B20870x58AB93C50x469628490xA2E1E0750xD5297DF50x63CBC2C30xF07895570x76AC56DF0xF515B60E0x052D52250xE77D86F40xD6CD36BB0xF5394BE50x0CA8EA080x810AC8B70xFFDEDE890x59EBF4680x117A18140xFCB544560x2E5289740x883529F50xA732E006; p.CachedCSSFiles=16.00.1449.010:0xAFCABDD50x7704885F0x1EC8288A0x2A2173270x7A142B580x630DEBB30x146543E00x49F2D68A0x9EA9D3370x8ED766C20xFD9BA3040xF4175814; p.UnAuthUserCookie=bb7622b1-75ba-49fe-ae48-feb7c77acba6; s.RPSClearCT=5j5ZGIOBjVgy5L8SUAexNuSViRkEHY5vXGshfJRnDOLJBGgtv9gbmBX03FDDg5hCygEMNgPp7JopPYGo9VtjKAjTXevaezBIVF0EE4HWxTKBpz7h+5G7ZHPNtwV3C3C27zp1XVbtPpA0tHyDzKnweUJtkPoBmQ2UeXpZYcGDAzVFExD8bZwk0RfNm4txuELilgX0Z+s7jRkh5dRu7MFaHH+naob4+2RJelaxcD7fBRGMT1kYloKJfgXihMfdRB09ZjT/egCmiT57jhGSTkIZfN4wIlAm2BzlQ4XBQ0kbLfG+bm/4m9OMITtQOf8Czj/8mlYzksaeGmVzf03syDlJgb4fYoDcMVQ4gUQBtLRZeaDhiIUQDBnTW70XHs4hpaHJCweSyfxrzvXzQSIg9NBe5a30he42cTaMDgY9XmzJxN5r1I32zAoYjN/gjdW4/q+zK+yeN3oNgHD8IufgUFEcdMCBa+CsgVPox9fqYlXJ0c25ksXgRTS6txYe0iHCwZlQgXLKslbjC7k1suHvE7jbCJ5pFfiwDxsISNegC26ENmNoVSXLVP3lwkvwnCMXywtMgiyP+hYjc30EI4inIC2pto9OhECztFscN46mCSBx/d/uTGMVJoSp3I6yikO522/UilLD7/eTeZj2/K0bwOJLVXeoHBNlcLb174JuKZI3KhmcMxFyuo3lWw3lE1YfWLDFqT5VE2eyX5ozk94xKtoWVOvf4MMEPPIMlQmu/gENl3GpegabsLdRr7MHQB16juRl2VS8yitoDrgp3H/d/9DyP8YTIDP3sF5Zdk2FWb/C+Avj6c9M3NR8WhO56rojCO0FkRnOo6uhDxNcVzRNulOs4+G7Sfgt9KOR7iYw3dEe6RrXccR3rp7wuHsdQfmqbbBq6/shW96m9tJuPPDIsYx7XmPU5TtvzFwOUkkLRcEbUd1MqwZknJVlHvbBc69nsc7dbBOQbJF07PfXyF064jjQDWQx0qWUoCRBHxoQNAv6i0lU1z0BTIm3JSU5ZsAZMzyWxzxZFVaJhXdZ861U0SQHfw4RTnQhvt8qjTrYDkmrvtEh8Ba/kPn7O7KpUMnODVRpCnCcIIC0BTNSdbAntlNHaA==; s.AjaxSessionKey=wEAjKvw1WCmLD27I2TGqAuga25rq5HdKrdEOCOTXhfX4k6H3U/AQru+hPWfWSMX0hhQ++OFkm/FvKN+Z1moC1Q==; s.userid=10037FFE9574B4FF; s.LoginUserTenantId=YSFQ8kyfSxMbyHdGGe3qeVi0Uug+6O1jT+ZVn5rXNvX9QvrR6VUpwYwG9HCZUaeyPZwzHuW/1zGwV179588ts2OVGQvmAo5Fvs07lM8ARoKOgyg7UxVdhvVsWU8cDWHiP4Is7P9PdSBPPoDQFjRTpg==; p.FirstLoginDateTimeUtc=id=-1406574579&value=Jan_27_2016; MUID=0F3BE9304DCA6D792017E0994C5A6C86; p.TenantCulture=f5b4bce5-06f0-4035-861f-ddea6d55a5e9::es-CO; s.TagCacheKey=fMdZZLwxq70P5SVbV794Vbf/Nb6nrvfWN+sIz3KSTqCAUfDP6dbCYDg6kiwPPZmjo0A8m48rtqF1Ir450dSxl9Y/qWu+a5gYRmTOZh0kXi8bndA40br4f+YO2xmVdZ3SpkSjwknoddE1meso8NTWvi/lL5+oKy5UOMB4B/YPRkunc7y6z0LWzq+xHgorBWo+ccL4JRzeTdThlxVDd23IcPO/w4O9+O51AHtw3qkZ7kvBiCZcooMX46yGP0SMnsZ0qjg8cv0o01w15/X7rdLQTTut7idyAsvhGsdlOLY8ghE=; s.BecContext=AAAAAQAAAAAEEGiA2yjQd8hDt7bHKBd5pSsGCWCGSAFlAwQCAQYJYIZIAWUDBAIBBglghkgBZQMEAQIEILiXEtiztm51j+9eensRmodQaco4fuQKKMwqb9FVtJxdBBDLmOAQDw0294WzUuRL6prcIIIBsJMrwukBvRsIudZmuuqrcO0I+DdJo5/fMTl+8zD3knXxHpckcUeBtdiqx/OPKiMF2i2gyqd7KV5p7E3yFPIsNs9UEf/A27qVOtZdvOh5YXX76MK0zjSN/19mSRLFu0sAdbIJ9OQhq8KVVx+55BGDRPp/LgZZfBvFG0nW0QSp4wioBCRyYdzBUFfPHnUyFsk2TzynImwDInjtrk3VAHXD2gojY9Hf7hL+16OXEeYGp4x20AAQV9ubRUwlEKZwt3tAfcw/RHq1lL6T+XbwijAqWQUFusHQ2Cm2jezy4tj6d8KxC4UJ1HFDdilKFPkefO4dprMFzPwAnGUHc2h2QPh+AsT5vvO5SQpyWaRy4lO5BK152jI+z60NMLsACkMn/WpopS0XsHph9fyYH4cq222bXUGnj977NN1YaQG90IHNVdoJ1Pbzl7MHD0QbStWky9hdFMzY4ZK2yO6X5KViSqbyLpIyDl315IoogL+8DQOHua+0GQrAE8z6vkSg0CMhbr+uGQCqbvDZ9tBFmRF6jbUQzAUbVoQoPPeynR+cNOT6B/8oS3zEhH9Ab/svAI1Qa5Fuvg==; s.LoginContext=xkNt6v27vuo9QXcC1Jf5YhKmacvZk57w7bPf0TXbQmUndaDq2brrBq3OaQWFKLWzR97LsRskYAYsQ5dwXU/gE92SjBAUgRPVpMuYylaLWlaFLnlm98J7bBPXRWRd04BDjytrKixUL/7XwSIVY/xeDMDV8u8nKZHS9mC5Hl/+oGxHdGoYPuwQRhh5WT/MN4sK3QL7J6aYRAZts3zOOud0+bQOGARSaJFk1+m04hf6aMybYZld7WidRcG9cRrNO4hfwn5ts3H32mOWFKMW9WaClfEQvgbYUe/PfHY3uQPqYp5l8scBh0daN2ZAzuftV3vcZSm8KoQW3DPwFIU1Lej/d1GnaOPK3p5dst4Jcn2ZVYO+vXVGKs1V4tIfeYjv5RvVrKHNamdbpRmBuiho82kO+j/3HbyzsA1EuX4ZxZ2GRHun86FmTfrVQaRvKuZXKB5TJbJkq30g+i1XO4QPlejyMMTe5CHZruSpHm4kFqfCvBQLoXricgD+Ctqev6LJvLV3Uio+YvqB1anhMNZm4FCp86G9K9x7DDx0Vmyir0wdAl2yxjppJ4GG08X+bfVL364yFkaJY0IwAFkDGbLUvTzS/WtLp/M88bFsRWn4wOOOdWAEECjkQ5U3HabbwhD6Xx2Zuui387U2/FWy5OKkQ9gk8FuaWMZnHGutKZ+fSBPUXXxduL3euN1ESouQR80A2RoRKWPl94rGNysiQ9BUdjMwU4RAfAGaOB3FEOJzi6KDsCImjBrPxg6Hk+WGizyE+1D5/y/xmAE5Xf0qw/YBFg6cCULYptJr+IqXM/28vTgny4XQZYqzebywpenxDAgS9vtmdY66xYULPbpvdx6jKGzLw4XxL9V4W8InkYRvccOV0zQ7VC+nTHsTnzQDxX0m3TzwXtPInZ7kBBJrYRgE0Pv5Op0NI/ut8Pbhe4k9pJHlBNJnIwL9K1mh6mv2uAvKh8w5JlhKuEgRgCRPvGsuz4c1d73YE6KabHsNbt+JKUKu1KfX4ZW6KDWcFCV4yiLd0Lqyd28dPuhl3YqV4zpSTTp9SnevZeARnRRf2/M8wXEfWIJeHWDXj3UBXoUJTiaIe5RkNvisje4SCMOQ1s6amKBZGU8UxnRbY2S9r1pW7tR/oTAH4uKx7N72ljl6Yx4DgLeZ7eKtVgzzbowL6LEj7Pg/e62oxeI89C7j7zDOWwcMly4sM3OZbyIzcIbjIoarbAiqoY0TMkHyXLDvhu1IZNyMX6D98S8ZPz5UseCzBkLBi9OrSb+dCbxDFOn+9kTHa1uBMxYSDGwlzKSE8AQ4R38KE/QRkAQfPqLv3hPSaSlDqPFa6S77RRNaPms1LQGcDPRWWo8IZSZOO9hM6nnd87joFDMnLmVBeDBMtkvywgW2ARj0IjPpB0QkgL2w2nk1DVdBBG42zWYRothxglTWZLWWm4R1QuVJEmVuorS+7B+J80APHLU+uOFClp6AnW/D31dJdoOFpgpmt7ImS4y698mkc/3pj3f8U6Tv1ti110D9+VrmxFnZRHj5FXqRrumPAz/fXBRU5BK2pUL9eebpdRVmleQnzSXrFg8pE/JDZnu8wjhkcj/Ii8MBfRmHPeoCCAFzD+dMEAwv2vOKSE+oeu/VPMn8JZd/5R6U+mYPAUQhWtHMFHdS7WjWB3deF5HS5mNk/uYIlo+2ZWo40kPW9OFps9QjQ69BIDVrMt2jCgYVIQA1GCPevV0ofXbFplpYufZuG+odaCVZESthUMHkTXGTrBpPuRImtf7HHMBogfpvzyTbQFdpeEpMkPYagYdHJn4kP1QNKbhV1Ohgjhq3CE8Qj+dXB4A2tV2JKD6uU/P14XoXFkLUsue0LRviPrLw/YTvDMATn4sKW9fS2s7TYkZkgvGqnsvz2ifq8M79LijXsT47TiEMfN5VTm3YIFJ4PSOLwtf0Jo6m7fT/EJPeYy9b507x4wtdqiRwK9hOPvPNpD3DMRPSMal9V5YYbu9iZkopdvgiWSfoQWQz0Xns20R5XS6iCfV8VYrosqDy3sfpiPPHppag1wCL/iqp55gXgDijJGSrxUdqZKHfU8P/8Cux9NkXR3qNXfiNapFa8gaf3EfPU7MZmO7L8L8OqxJqBB+D9AhGE5NLyhfyzgrBcmI+gCfrXB4b0Uc7fE7LZqnoKMDscWvsfye0xostQFxLxVe+y30jAkkFmqUNBD8/E1IvTO4sziRnThLl0xk3eg5/e29MGtk5tDcdtEjie6/vrNFkLwvgPLUfW79kPA1A4/ESp4f5a8ISggT7ixoYzGlxh7TqRORp2K6ZIPqwwxkVZSe2unwEN7Qu+AzyV4q441qSS810+wWRcJVUeMupydKLp24F5H9JHFfc2kivSBetZnzJ8hlGM/pvHosnHxXzATzWl1nPF3vmcQLqo3NRuS4968TOD+ifhyndby5+z83Qn1TqwU7CMLwcxpc00kVRjxNUte+E1lIHB5eNG00F8aGYVnbiEMIndvp+3D2c4I84RT4sbLpulQtlvwP0Y7+g7aPRWkXVzIHQVKBV4AV2V2CbKX3Zy9MEda46ov5TY6D81U9TMxd3+zFdSoWhNR1/D1A0Og8M7s2DuEvaIn1nHKuCHDPKvU91MaZg+Ib/wPi2nfBpx9RC3R2ti3LZdBytZ2Vb45YYLrRE9ycMo3301Ka8N04jG+18K13xPQbjxEJBel/eztELNQqUuzrUbN+JYv8MoC3B1jfRtfO6Xq202Sj5NxqpCJRO8BcaiLd81sZNynB2jFLcAFlHcbsqki/OKIKQrvDvU8t2S1b7jxef9qf4dU838fvcfjM4iMngm5qqyb6LTTETcM24m9s2fq9UeECtDNVM7bgfXR6LOfWYHX52cCZyLUwazZH/Jqu84hoUE1HrEe/XDBMsrgFFxelLH+smw53fx7UBBaxsGw2ca83bl2VbUvDpV5eo9a45/9yz3lEsXsLyPT3jXMtLuuOcu54g+gX8SJ/Pc4p/VO9bXCjodP8JmyHgMnXJ+7QxW8cht0LNIJL0HnqubS/L2Kq8+u2kwc/Co5S431yuFFp6OUoR52pvNJmM9i7ZHogvAKlbA1tYdCSuormfJZYIQII4zr4vAkfw/xBG8qxzuMnf0U0Og8UEIch2PIXyjAg5ew6pQUlC2RC92IdDl5rQFMGPA9XefcehUZ43OTw+x3iSFsYyJwhJYWylN0mZq6AKWroXESuGf7KOT8RPztwcxgrnW+x0jRa2jzYNVPYrYZTzgCY+0QTjk8mBrNyKS10X5aCOo41cNY9hile/WHQJCHxoEArBHDJUCQue9cSj3+d/SfsNFnT13KUGBzMlEO91sGsRtU01uQNJSVD5i4JwBs5F4eK/Qz3+F7yzBNes03s8Zs4SnqSvOgBrIx/4F67w+nEARxuthkSKVl0IWbqNO8vBEWSm3A=="
-H "Connection: keep-alive" --compressed

I can see some response as below:

Now I am trying to do the same with $ajax

$.ajax({
    url: 'https://portal.office.com/api/myapps/GetAllApps',
    type: 'GET',
    dataType: 'json',
    data: {
        format: 'json'
    },
    beforeSend: function (xhr) {
        xhr.setRequestHeader('Accept', 'application/json');
        xhr.setRequestHeader('Accept-Encoding', 'gzip, deflate, sdch, br');
        xhr.setRequestHeader('Accept-Language', 'en-US,en;q=0.8');
        xhr.setRequestHeader('AjaxSessionKey', 'wEAjKvw1WCmLD27I2TGqAuga25rq5HdKrdEOCOTXhfX4k6H3U/AQru+hPWfWSMX0hhQ++OFkm/FvKN+Z1moC1Q==');
        xhr.setRequestHeader('Connection', 'keep-alive');
        xhr.setRequestHeader('Content-Type', 'application/json;charset=UTF-8');
        xhr.setRequestHeader('Cookie', 's.SessID=6bcb4983-767b-41b4-8bc9-03d5df23fab7; p.CachedJSFiles=16.00.1449.010:0x27F042160xD2810E3C0xF5EAFC860xA82B20870x58AB93C50x469628490xA2E1E0750xD5297DF50x63CBC2C30xF07895570x76AC56DF0xF515B60E0x052D52250xE77D86F40xD6CD36BB0xF5394BE50x0CA8EA080x810AC8B70xFFDEDE890x59EBF4680x117A18140xFCB544560x2E5289740x883529F50xA732E006; p.CachedCSSFiles=16.00.1449.010:0xAFCABDD50x7704885F0x1EC8288A0x2A2173270x7A142B580x630DEBB30x146543E00x49F2D68A0x9EA9D3370x8ED766C20xFD9BA3040xF4175814; p.UnAuthUserCookie=bb7622b1-75ba-49fe-ae48-feb7c77acba6; s.RPSClearCT=5j5ZGIOBjVgy5L8SUAexNuSViRkEHY5vXGshfJRnDOLJBGgtv9gbmBX03FDDg5hCygEMNgPp7JopPYGo9VtjKAjTXevaezBIVF0EE4HWxTKBpz7h+5G7ZHPNtwV3C3C27zp1XVbtPpA0tHyDzKnweUJtkPoBmQ2UeXpZYcGDAzVFExD8bZwk0RfNm4txuELilgX0Z+s7jRkh5dRu7MFaHH+naob4+2RJelaxcD7fBRGMT1kYloKJfgXihMfdRB09ZjT/egCmiT57jhGSTkIZfN4wIlAm2BzlQ4XBQ0kbLfG+bm/4m9OMITtQOf8Czj/8mlYzksaeGmVzf03syDlJgb4fYoDcMVQ4gUQBtLRZeaDhiIUQDBnTW70XHs4hpaHJCweSyfxrzvXzQSIg9NBe5a30he42cTaMDgY9XmzJxN5r1I32zAoYjN/gjdW4/q+zK+yeN3oNgHD8IufgUFEcdMCBa+CsgVPox9fqYlXJ0c25ksXgRTS6txYe0iHCwZlQgXLKslbjC7k1suHvE7jbCJ5pFfiwDxsISNegC26ENmNoVSXLVP3lwkvwnCMXywtMgiyP+hYjc30EI4inIC2pto9OhECztFscN46mCSBx/d/uTGMVJoSp3I6yikO522/UilLD7/eTeZj2/K0bwOJLVXeoHBNlcLb174JuKZI3KhmcMxFyuo3lWw3lE1YfWLDFqT5VE2eyX5ozk94xKtoWVOvf4MMEPPIMlQmu/gENl3GpegabsLdRr7MHQB16juRl2VS8yitoDrgp3H/d/9DyP8YTIDP3sF5Zdk2FWb/C+Avj6c9M3NR8WhO56rojCO0FkRnOo6uhDxNcVzRNulOs4+G7Sfgt9KOR7iYw3dEe6RrXccR3rp7wuHsdQfmqbbBq6/shW96m9tJuPPDIsYx7XmPU5TtvzFwOUkkLRcEbUd1MqwZknJVlHvbBc69nsc7dbBOQbJF07PfXyF064jjQDWQx0qWUoCRBHxoQNAv6i0lU1z0BTIm3JSU5ZsAZMzyWxzxZFVaJhXdZ861U0SQHfw4RTnQhvt8qjTrYDkmrvtEh8Ba/kPn7O7KpUMnODVRpCnCcIIC0BTNSdbAntlNHaA==; s.AjaxSessionKey=wEAjKvw1WCmLD27I2TGqAuga25rq5HdKrdEOCOTXhfX4k6H3U/AQru+hPWfWSMX0hhQ++OFkm/FvKN+Z1moC1Q==; s.userid=10037FFE9574B4FF; s.LoginUserTenantId=YSFQ8kyfSxMbyHdGGe3qeVi0Uug+6O1jT+ZVn5rXNvX9QvrR6VUpwYwG9HCZUaeyPZwzHuW/1zGwV179588ts2OVGQvmAo5Fvs07lM8ARoKOgyg7UxVdhvVsWU8cDWHiP4Is7P9PdSBPPoDQFjRTpg==; p.FirstLoginDateTimeUtc=id=-1406574579&value=Jan_27_2016; MUID=0F3BE9304DCA6D792017E0994C5A6C86; s.TagCacheKey=Tyo3H5iedT2v3VBQUIPR8X17RI2TPN7NbZ57l5cTNIu2XneEraxvGuohA6b+30tBn15x7XkXLKyjJjJSI7EX5f19nlvrpYcdHo8vRgCFjNVRaXFOqX5tjfVQ+3egiYh6xiKFxRK5RikgIhi+qHdUCgAAh3ubFGhsHdrqp4C9Z2vuKxNGGEIbytPAVslISKTRjlt8LrsaG0P8oqKIrLRgR0vFjbL3XZD5OV+38GpP+deHvLAJBc62HMpOrjqGcQF8FXZK9jRcAJrIgelXogXnINvqvmUTDHyn/l9JQTDoOUc=; p.TenantCulture=f5b4bce5-06f0-4035-861f-ddea6d55a5e9::es-CO; s.LoginContext=p44xgPoQ+qKCb3T31bZ96FLuIXrdoPLKDdutPlXYJtZ6tWDa77+PjGr2afyNEQ50fFDPJHNxOnTW/QwC4V+9gPwrFFakf9/ThgeJgY8HLa3/MIy16WepkisyIQheaIuNvqBPaM0gSK4cenq+WCo4jRlyOVYP9RjMpEGnKyhtcDLqk6TVMG8tY4inS66yjgJy93cRhNycVENiKVrdHoG7lOYTKRD3FaedntzFMNa3lihYaPYZtFlC2lQT7OVN0zQ0BF63nJu5nG+8j3xihMGRCL8tL2vSReN+SX1+H9Ta0kv9vzOi4KO5F0xdWVacryhAokpnXpxD61QR1yarsaibKm2TfqutYUDPuJtjZL4tGCbOxUENK9uaJljxhzhcFpsafpM3MOMiLIl1GSHEoBF1DLgqoEK2Z+UkM0Rg2r1h4UditmWLC7y6lIfRvNsoI6M0Kci82eZor1QFP3qLLBTFhodtCa6aNeJcNbH8ALAKDyZgXQMPPOrLYPM49ycgUOAvqBbi8p3B64PgRH2wXLhuJT+iSZF8xXImIrcFxydicvDyk/brdNtwteeibWYRVL/Qq6yOPI7zolciC84mctKPQ0KdSF5gZeY/lu6Jfpogg+DlUtuGJpdLtwFhPFtpsNGnBkMuUtd/cLTGwg8oAxrt/SlzYYNYpK0Vw35Hxvbprq0vXwhS0Gmq/KuuTZ0EOLan8uWqNwsCyR947sZao++DJzEpjYLkV5D5U1QuF4qZx9jRh0shLF/oayYjyIXGnFBHprifeBsoXP7RWER+Prr6UzEKGq+Q8N+Hig1qLfsLPLnBu2AItbnXAWYAbP1w9zzDyl1a7saJan/zg2RClZeNipx8rzsUibmNNV1aNfFj29kmU14GXTpYRrlO7wr6qF/Uk2q2xCPzWSGcmDEt/iw8zt3CGUC9Js5YVt2kxoqgDujByejP5M3YSvdZXyq93oBhYNzj3y9C/oBUo5Xq7cqnAGp3nAVIJhrIgHaeq2ozWteIA78wO3Q0HVImTf98jJs75lxvd645AwsZqEen4OOyvFyGP9ZPLBVT67AgGJLlqWnllYk4hS19ufxd8TPoMn7lAIvGQBkcgkgJgvVOnfdKoD/c6uCr64W5JPK7G3WXObtBvBdlcgObG+b/ATbDftWZJoPm/AWxDU5l5dnyyxIWfYukgtGTSH3JMS7x+vGDYebVHHxgUlwRIzneB59sCSQF6gvoOa+khSeZknTAgUO6Ireitrd7mDLRaekOBs3phKY4ur84NkWymLs5ekwjQCVonyIfCmHfAl3yB14i5ufyfQc54F6AtJDEqkouxKPMDGRg8oMdB70Yr5Y/VseuYLivHbLfP9DsrKOa933ORCtb+7QXUzcRtcWuOyzWfDfIhXFfaJqBzGUw1NxZdUr/7LBjK1sK8SQDrH6Oy9ZpZsu+h86cVl9++2W2eHQqzgZpmpKDwRDyyDeDqLanhNJBREuZmzJcvan3c3kr2XvKS9SncwM2HmYGniZ9Fm+5uZ0fRDHtzWlvnbkcUUBr1K/Vp2GFmXj9NGZKZFxNAkmvpj9as4ykYmzXU7/uunVeQYSPzjZFU7ZGrV2I+oRfoASQEeNmNxhKfXiqAZz12rscMP8ou92A6/jDTa3Y2zHmSS/0CzO15+avjLIhPgrVBuRYlZIwceJetxBmY3cNBBhi4OIV7q9NRymWQz7R7pLtteFlx6HJ+cERKBHFf9IRqi1xZ/NYpSCyZJ5PlmevSt1R3FJtK7zhRGy4v0uxb4DuADKbXLr8nGNavtIdHYrb+RxlV1dXAj1/lvTmLoEcd/O6ZtHfGHMuhMPRl67bwJdNENUxJQMjCu2RSNwT7Nxq//IXzSG9VzdpsrOVDepD/pP/QB1PsAL3XYRrXmxes9c1aYZZZF0j0D5VplfT7QdIa8xZMt17COeWJYs2o2+skyN0lP+GHV0Eu8By0U36EGNsObDvMOmHqxc/kZXBXbmKo6nu689CyPDheoO6tWKVkvFr1hnEWhXAcuZQ6EVhu0+Q55NL405/VQ+XRRHqas7G8RNmmMSepL/g0JYwmBIMvaeBOSJkKPomoVtqW+e6LFNTxzvZbM4TpdhL73WK0wb0GrNwKGaNY/SdU0uhUHUxqR0rJ3QYXQVVl1jGb5vv7jhuu1VcixRlLIt3XNlYWSsa28m1GEkFFLqVAmJl/LQb6mnJRbXjYkhBJnVDfpQrpJ0xOeCn3Z5hcU6n6URJv8/y1rLzjUKFhO9HiiTXp2gBPK5uX+uo0paN/5VYvzwqoqvLGMiAHBWFvNPa8yhphqS324jnjN0xMCqRfQPMswV3UHnbpia5LGO+3kfW19ivNaF5bH5JCqTKHXuGj8M9JSv2dGJJi4rUXPWBwFKjSs7kgyRzbdPWSS1EijFw95rxTcpAapc/Tu5cz0305dYJzTOVlQLkdoFSDnj66NpsoTH3Llyt2BJVsSziLHDI3Qu3afRNvuq48nRMRWobQEVef/8k3M/D6By/O9A7IaMgdUk/Cg2KbdEbArSHf19mP97YgWvugw0Hp+LgUXNhe1GBFaUlzIBdX+NqE+wJslvXUAf0tZQXi5AdU858+Vgl11qcvHuH72VrjwM6DGFRicanCNLhLQrqUNY0GbbmFnsL0HxGSZ/DzbAmLKQ0X4vH+OYYt59ufzGMQYYWt/kyKOMn6JsUPNVyZ7RHcN+HLsdyj/zPHAjQHSQ1DASuCM+eQJ6VCxq0P2/BWbPB1ZL/K9sEv/bDTI7VqfrCVf92EAD0TcSR+v6T6WaHvyZ9fY/deVpMnlYtfJ+UdLVgqckXwNsFcCUwkFrOkgrhDKcIfSE8xduk40Wr5uAiF81zD/uUqlCvCAPGur1omF9TMD7ycZGr7eDgbndG5/f6TBxL12R41W2WlxRyQg2/fbfsSpkhOAmxPhuFQbhwl+rPBPOufa1j89QO1b6Mu4gJBGEmsT+kgO5MWU4LweWMby53KP63MNfgKZxKIB3lkwU2drx5skFOSzoAFof9vSg3hkjin6tW7wJTE37reVMngOXzRfFD0UIquk5ae9wtOEEp7HSlLFLOLa9R58BGz6b3yxgPmJFbqFPvkV1qP9uT+ZpAvjPn5M3ic92sPW22mCwdV6PbGK/8BrcIhqg+/Xcda3DNirA19cE5bl7+U2shgyrGPTIFc3Twlds/eNt9xcNqSgNhOXol5F9wZ8Ri/9M2Vg/Z+YRp2CRi6Xyr5mxmUrNg2UIyejNOFQYQRw7VJnFdjTeluHwNYz5/zKIi5HPITW71b/B/1yBSvJABUOFdQgdepSSl6QwnsB9+1upwQWj4pE+6Fx1eiuTKO1cGT/GclAAMz8EyWjJj1vJNJJLxutjVZmbeACH9DiLEc7Vr/WsHTJv0VLJ2rjq7U3dDxqQ7GDzaiSEuwIP17WE2uWNUAg==; s.BecContext=AAAAAQAAAAAEEGiA2yjQd8hDt7bHKBd5pSsGCWCGSAFlAwQCAQYJYIZIAWUDBAIBBglghkgBZQMEAQIEIIimBSyEKl7CJv/2+fJ7kQWgf8ZFrE2rS5N4Q883AYGcBBDHkGvCyq58OtBctX3PiAbrIIIBsHHMMgDeIEwWcwFehoQJuPt6f1UvdJmidNryc/XXmTeGBKJn733KDzNXKjNmoREt/e59CGXSjpA97aD7b5Sjbjo9ubQ3gnFfykEZ5hePlMrbYgzNtMnRDpQ7UKIevkGU8K+REqUJPZqE4tcyi7gdnNXy/RlWfeaSGerL/6rZIm8OxTmtnIGCm7Hiw5CqLZ1PgCJuRDegh2VPJtI3s37pQC8o+81f02LOxQ2x/zV0BFH5dG9mLOGBomCEE5dgvMpjaE46mjK8jO9Z8JWzILVFS6H/ZxnW2ua9XJauMcgJrNjSTg6M+4ZEKbabDi0ACSdDTdekDJxN2edO0V4sLxNlTm7yyQJ1JLbcNlJWBJdrRS7GpXgl9n0byI/6GBDzTPHluqpQjirJ+2sFT7Y9ksetXDCE4VZTG6szx8igi1rc5vzyxWdfsc3rovUKMMNJM0aIXArMXYDN85C8K61X9gq+1iArr5fWGch+VwsVYWdXZANgYZDrnqknVLEJAbkd2Lrkd98kCMZluDWgH7ZDPN5lOxe7yRuFb+7vCmJXZMdgjiiPwuu1aZk8vXFNQNpxwJ8aTQ==');
        xhr.setRequestHeader('X-KGP-DEVTYPE', 'xxx');
        xhr.setRequestHeader('Host', 'portal.office.com');
        xhr.setRequestHeader('Referer', 'https://portal.office.com/SuiteServiceProxy.aspx?upn=luis.valencia%40softwareestrategico.com&suiteServiceReturnUrl=https%3A%2F%2Foutlook.office365.com%2Fowa%2F%3Frealm%3Dsoftwareestrategico.com%26exsvurl%3D1%26ll-cc%3D1033%26modurl%3D0&returnUrl=https%3A%2F%2Foutlook.office365.com%2Fowa%2F%3Frealm%3Dsoftwareestrategico.com%26exsvurl%3D1%26ll-cc%3D1033%26modurl%3D0');
        xhr.setRequestHeader('User-Agent', 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36');
        xhr.setRequestHeader('X-SuiteServiceProxyOrigin', 'https://outlook.office365.com');
    },
    success: function (data) {
        alert(data);
    },
    error: function (xhr, status, error) {
        var err = eval("(" + xhr.responseText + ")");
        alert(err.Message);
    },
    complete: function (data) {
        alert(data);
    },
});

But I always get this error:

What am I missing in this code, to be able to call the service just as CURL and return me the response I need?

are you making the request from another domain? If so you don't have the cookies. Also some of your request headers are pointless like contentType for a GET — charlietfl, Oct 09 '16 at 19:46
yes I am doing it from another domain, but how come the curl command works fine in a command prompt? — Luis Valencia, Oct 09 '16 at 20:01
because it appears you copied the cookies. Can try using `withCredentials` but you won't have a sesssion set so my guess is the whole thing is not going to work. — charlietfl, Oct 09 '16 at 20:02
yes I copied the cookies but I also copied the cookies to the ajax request. — Luis Valencia, Oct 09 '16 at 20:04
but an ajax request includes cookies...and those would be empty — charlietfl, Oct 09 '16 at 20:05
Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/125298/discussion-between-luis-valencia-mvp-and-charlietfl). — Luis Valencia, Oct 09 '16 at 20:15
Are you allowing origins from both sides (caller and server)? — RPichioli, Oct 13 '16 at 04:21

score 21 · Answer 1 · answered Oct 19 '16 at 00:45

Answering your title question is just use the headers settings for $.ajax. For instance:

$.ajax({
    url: 'https://portal.office.com/api/myapps/GetAllApps',
    type: 'GET',
    headers: {
        'Accept': 'application/json',
        'Accept-Encoding': 'gzip, deflate, sdch, br',...
}});

But I don't think that the error is caused because of missing headers. You should explain better the error, if is related with same-origin policy you should take a look on these links Working With and Around the Same-Origin Policy and Cross-Domain requests in Javascript).

score 4 · Answer 2 · answered Oct 13 '16 at 04:06

4

I think you need to provide further information about this error but my first guess would be that the host has No 'Access-Control-Allow-Origin' enabled, and that's why you can do it from console.

You can try running chrome with --insecure or just install the allow-control-origin plugin

answered Oct 13 '16 at 04:06

jonystorm

548
4
17

what does that header means? – Luis Valencia Oct 13 '16 at 14:36
it means that it allows request from a different host. For security reasons browser don't allow ajax cross origin by default. I suggest you do some reading regarding CORS – jonystorm Oct 13 '16 at 16:56

score 4 · Answer 3 · answered Oct 17 '16 at 13:45

4

Can you try with by adding dataType: 'jsonp', crossDomain: true,

answered Oct 17 '16 at 13:45

Rajendar Thatipally

41
1

score 3 · Answer 4 · answered Oct 18 '16 at 15:36

More information needs to be presented to confirm this, but jonystorm is most likely right. Browsers follow the same-origin policy. This means that all requests must be made with the same protocol, host, and port to succeed. The exception to this is if the requested server includes an Access-Control-Allow-Origin header. This header allows the server to explicitly list the other hosts that can make requests to it. You can read more about this on MDN.

score 1 · Answer 5 · edited May 23 '17 at 12:26

My guess is that, although you're setting the cookie, your browser is not sending it with the request because it is not "credentialed". You should set it to use credentials with:

(...)
beforeSend: function (xhr) {
    xhr.withCredentials = true; //Include this line
    xhr.setRequestHeader('Accept', 'application/json');
    (...)

The only issue is that this may not solve your problem entirely. Because by when doing CORS requests, your browser looks for the response header Access-Control-Allow-Origin if it does not match the exact host your page is hosted, the browser refuses to serve the answer to your page script. Even if the server returns the result with status code 200 OK

My guess is that Office 365 API wouldn't return this header with your exact host for security purposes. If it is your local/development use only, you can always run chrome disabling the Same Origin policy. This should circumvent the issue of having the browser refuse to serve you page the AJAX results.

score 0 · Answer 6 · answered Oct 20 '16 at 02:51

I think the api requires authentication before api calls. You should be considering js api code samples instead of using curl type header with jQuery.

Try

1) https://www.itunity.com/article/calling-office-365-apis-jquery-adaljs-2758
2) http://paulryan.com.au/2015/unified-api-adal/
Or view office-365-api documentation for javascript (if provided by microsoft)

How to set headers in ajax call with jquery

6 Answers6

Linked