0

I have developed an Outlook add-in that makes ajax request to ewsURL.

Here is an exmaple how I do request to ewsUrl:

Office.context.mailbox.getCallbackTokenAsync(function(result) {
  var token = result.value;
  var ewsurl = Office.context.mailbox.ewsUrl;
  var itemId = Office.context.mailbox.item.itemId;
  var envelope = getSoapEnvelope(itemId); // builds soap request

  var xhttp = new XMLHttpRequest();
  xhttp.open("POST", ewsurl, true);
  xhttp.setRequestHeader("Content-type", "application/soap+xml");
  xhttp.setRequestHeader("Authorization", "Bearer " + token);
  xhttp.send(envelope);

  xhttp.onload = function() {
  // never comes here
  };

  xhttp.onprogress = function(event) {
  // never comes here
  };

  xhttp.onerror = function() {
  // COMES HERE IMMEDIATELY and ERROR ABOUT CORS IN CONSOLE
  };
});

that throw me an CORS issue

Access to XMLHttpRequest at 'https://outlook.office365.com/EWS/Exchange.asmx' from origin 'https://myorg.github.io' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

and here is how it looks in console on the network tab

enter image description here

I have included 'https://myorg.github.io' into my manifest in AppDomains

<AppDomains>
  <AppDomain>https://metz-dk.github.io</AppDomain>
</AppDomains>

However that did not change anything.

If I try to do requests from Postman things work as expected and here are response headers (not sure it is helpful)

cache-control: private
transfer-encoding: chunked
content-type: text/xml; charset=utf-8
server: Microsoft-IIS/10.0
request-id: bfac7074-180b-2e3d-2a55-94525741a78d
alt-svc: h3=":443",h3-29=":443"
x-calculatedfetarget: AS9PR06CU014.internal.outlook.com
x-backendhttpstatus: 200; 200
set-cookie: exchangecookie=hash32chars; path=/; secure
x-feproxyinfo: AS9PR06CA0415.EURPRD06.PROD.OUTLOOK.COM
x-calculatedbetarget: AM7P191MB0851.EURP191.PROD.OUTLOOK.COM
x-rum-validated: 1
x-ms-appid: a18de30c-141b-4967-90a6-793df473fcb0
x-ewshandler: GetItem
x-aspnet-version: 4.0.30319
x-besku: WCS6
x-diaginfo: AM7P191MB0851
x-beserver: AM7P191MB0851
x-proxy-routingcorrectness: 1
x-proxy-backendserverstatus: 200
x-feserver: AS9PR06CA0415; GV3P280CA0046
x-firsthopcafeefz: GVX
x-powered-by: ASP.NET
date: Tue, 23 Nov 2021 14:13:22 GMT

Any ideas what could be wrong?

Thanks.

Dmytro Pastovenskyi
  • 5,240
  • 5
  • 37
  • 56
  • The CORS support is a limitation on the Exchange EWS. As you noted, this works in Postman. First suggestion - could you make the EWS call from the addin backend (instead of from the web addin)? Alternatively, from your other posts, I believe you are getting MIME content, could you try using graph call? https://learn.microsoft.com/en-us/graph/outlook-get-mime-message – Outlook Add-ins Team - MSFT Nov 23 '21 at 20:03
  • @OutlookAdd-insTeam-MSFT do you say that I may not solve the issue with CORS? Are there any example in Javascript how to make Auth. when using Graph? and what would be Message ID? Thanks. – Dmytro Pastovenskyi Nov 23 '21 at 20:47
  • @outlookAdd-insTeam-MSFT what do you mean by "addin backend"? we do not have it as I understand. We have only Javascript/CSS/HTML/Manifest files which are hosted on github and that's it. There is no any backend. – Dmytro Pastovenskyi Nov 23 '21 at 21:16
  • 1
    I don't know of a solution on the CORS issue. I see that you have another post on token / message id, I will answer there. For backend, for some APIs, there is an assumption that there's a service that you can run code on. In case of getting large content like MIME/attachment, it is preferable for the content to get transferred from Exchange (email backend) -> destination service vs Exchange->Add in -> service. – Outlook Add-ins Team - MSFT Nov 23 '21 at 22:17
  • @outlookAdd-insTeam-MSFT thank you very much for help. I really appreciate that. Meanwhile I will run code on 3-th party server to fetch the email from it. So it will be server-2-server. – Dmytro Pastovenskyi Nov 23 '21 at 22:31
  • @outlookAdd-insTeam-MSFT I have accomplished my task just like you suggested - pull email from 3-th party server. So Outlook-addin just pass noteid, ewsurl and token to 3-th party server and connection server-2-server worked like a charm. a Big thanks to you! – Dmytro Pastovenskyi Nov 23 '21 at 23:35

1 Answers1

0

I could not solve the original issue with CORS but instead I followed suggestion from @outlookAdd-insTeam-MSFT and moved logic that pull email to my server (where email have to be stored anyway). So the code runs on server now instead of frontend (addin).

Dmytro Pastovenskyi
  • 5,240
  • 5
  • 37
  • 56