1

I'm testing the scriptlab addin in excel

I try to execute a rest call to an external endpoint, like this

$.ajax({
            url: "https://jsonplaceholder.typicode.com/posts/1",
            dataType: 'JSON',
            headers: {
              'Authorization': 'Basic blablabla',
            })....

Above is working fine. But on a end point where CORS is enabled, I got a xhr.readyState 0 back.

How can I avoid CORS issues? (I'm not the owner of the end point)

Michael Zlatkovsky - Microsoft
  • 8,424
  • 1
  • 33
  • 46
Bart.NETJS
  • 165
  • 1
  • 1
  • 6

2 Answers2

3

First off, thanks for trying out Script Lab!

I would begin with answering the following question: is the issue specific to Office Add-ins and/or Script Lab. The easiest way might be to try a different JS playground, such as JSFiddle or CodePen. Can you make the call work there? This will isolate the question of both CORS and of App Domains (what Slava mentioned). Though

In terms of general guidance, I think you have several options

  • The service you are calling may allow exceptions for particular URLs (i.e., it may ask you for a URL that you'll be calling from, and whitelist that URL). If so, give it the URL of https://script-lab-runner.azureedge.net (the URL itself doesn't resolve as it expects to be POST-ed to; but your compiled running snippet will ultimately be running off of it).
  • You could create your own server (or perhaps a very small unit of computation, like an Azure Function) to do the call on your behalf server-side (where CORS is a non-issue). And you can have the Azure Function itself accept CORS. That way you're essentially proxying the request via your own server where you can enable CORS.

Hope this helps!

Michael Zlatkovsky - Microsoft
  • 8,424
  • 1
  • 33
  • 46
  • script lab is forcing me to use jsonp due to CORS for a url which is at localhost. The ajax call works fine using POSTMAN. Any ideas? – Stacky Nov 06 '17 at 18:10
  • For why it works in postman but not in Script Lab: please see https://stackoverflow.com/questions/25291840/postman-extension-get-a-response-but-my-jquery-request-not This is the same problem you'd run into from any browser-side invocation, it's not specific to Script Lab. – Michael Zlatkovsky - Microsoft Nov 06 '17 at 23:40
  • How to add jQuery in scripts lab ? – anshuVersatile Feb 20 '20 at 05:44
0

You should modify your manifest file and add into AppDomains tag your domain to be trusted by the app. By default, your add-in can load any page that is in the same domain as the location specified in the SourceLocation element. To load pages that are not in the same domain as the add-in, specify the domains by using the AppDomains and AppDomain elements.

Slava Ivanov
  • 6,666
  • 2
  • 23
  • 34
  • this is not an option with Script Lab, since that is a store add-in with a static manifest -- but with a dynamic URL that the OP wants to call into. But it may work for a standalone add-in. – Michael Zlatkovsky - Microsoft Apr 20 '17 at 16:17
  • 1
    ... Though come to think of it, I don't know if AJAX calls are subject to AppDomains (in fact, it shouldn't be). Page navigation, yes, but not a service call. And the OP says that it works for him for a non-CORS url... – Michael Zlatkovsky - Microsoft Apr 20 '17 at 16:21
  • This is what I thought, OP was trying it as stand along add-in, which was downloaded and modifications were done to achieve something custom. – Slava Ivanov Apr 20 '17 at 16:22