First published on TECHNET on Jun 10, 2017
Updated on 6/4/2020 to fix an error This post is a contribution from Jing Wang, an engineer with the SharePoint Developer Support team Symptom: A ...
Updated Apr 30, 2021
Version 9.0
Blog Post
5 MIN READ
Fixing issue in making cross domain Ajax call to SharePoint REST service in Chrome
We have similar situation with our SP2016 deployment, business users want to call SP2016 sites from other application using JavaScript. IE browser still supports CORS call happen. But modern browsers such as Chrome, Edge blocks CORS requests.
So i followed below steps, but still I am facing CORS issue. (Access to XMLHttpRequest at 'http://***********/_api/web/lists/getByTitle('Documents')/items?$select=FileLeafRef,EncodedAbsUrl' from origin 'http://localhost:3007' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.)
1. Installed this SharePoint Patch https://support.microsoft.com/en-us/help/4032256/description-of-the-security-update-for-sharepoint-enterprise-server and Activated OkResponseToCORSOptions
2. Integrated On-premises SharePoint 2016 with Azure Active Directory as here. https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/sharepoint-on-premises-tutorial#configuring-one-trusted-identity-provider-for-multiple-web-applications
3. Registered Azure AD App Registration with SharePoint On-Premises API permissions.
4. Created a simple NodeJS application as here. https://docs.microsoft.com/en-us/learn/modules/identity-application-types/3-exercise-single-page-applications. I am able to call SharePoint Online API successfully. But On-Prem calls are still failing with CORS error.
3. MSAL Library is returning Access Token.
Please let know what did i do wrong here.