401 (Unauthorized) When calling SharePoint Query

Hello everyone,

I am currently getting this error 401 when I try to call my SharePoint endpoint. It occurred after I added the following below into the header. What is the issue here?

GET http://www.test.com/Shared%20Documents/query%20result%20BEFORE.xml 401 (Unauthorized)

Previously, I was facing this error: 

Access to XMLHttpRequest at **** from origin 'http://127.0.0.1:1234' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I added the Access-Control-Allow-Origin with a value of "*" in the HTTP Response Headers and now I am getting the 401 error.

Please do help! Thank you!

3 Replies

Hi @Jedrek96 ,

this sounds like you are trying to access SharePoint from a local development environment.

Are you sending an authorization header or cookies? If yes, what does it look like?

Or are you sending something like "credentials: same-origin" in the header of the fetch request?

That won't work unless that JavaScript is deployed on SharePoint itself.

Best Regards,
Sven

Hello there Sven,

Yes I am currently running my code in the local dev environment!
And nope I am not sending anything through my script as seen below. It's just a simple API call with the accept header. Is there any other header that I should be adding?
Also what do you mean by "javascript is deployed on SharePoint itself."?

function testCall2() {
  const xhr1 = new XMLHttpRequest();
  const URL = "http://test.com/_api/search/query?querytext=%27BEFORE%27";

  xhr1.open("GET", URL);

  // Add the "accept" header
  xhr1.setRequestHeader("accept", "application/json;odata=verbose");

  xhr1.onreadystatechange = function() {
    if (xhr1.readyState === 4) {
      if (xhr1.status === 200) {
        const response = xhr1.responseText;
        // Process the response as needed
        console.log(`XHR1 Success!! ${response}`);
      } else {
        console.error('XHR1 Error:', xhr1.statusText);
      }
    }
  };
  xhr1.send();
}

Hi @Jedrek96 ,

In order to access the SharePoint APIs you need to be authorized.
You have different options to do this.

You could create a customization and deploy your code on your SharePoint site itself. In that case the SharePoint API is called from a page that is hosted on SharePoint itself. As you, as a user, were already authorized by logging in to that SharePoint site, your API call can just use that authorization.
Take a look at SPFX (https://learn.microsoft.com/en-us/sharepoint/dev/spfx/web-parts/get-started/build-a-hello-world-web-...) as an example.

Or you can access the SharePoint API from a different server. In that case you need to create an app registration and get a client ID and a secret. Using these you can log in and get an authorization header that you can send with your request. You typically do this if you access SharePoint from a backend system in some kind of job, not in the context of a user from a page.

Running JavaScript code on a page on a web server in your local dev environment to access SharePoint APIs is not a good way to build a SharePoint application.
First, you will run into the CORS problem (that "Access-Control-Allow-Origin" header). This is a security feature to prevent cross-site scripting. You can only circumvent that if you tamper with your browser, but that won't bring you far in the long term, as this does not scale beyond your local dev environment. Second is the problem of authenticating.

Since the "old" SharePoint Add-in model is kind of deprecated, you only have two options to develop applications in your browser that directly access SharePoint APIs.

1a) SharePoint Framework (SPFX) (https://learn.microsoft.com/en-us/sharepoint/dev/spfx/web-parts/get-started/build-a-hello-world-web-...)

(1b) Install the modern script editor web part on SharePoint like this https://sharepoint.handsontek.net/2023/03/15/use-script-editor-modern-sharepoint-sites/, add that to a SharePoint page and paste your code into that editor)

(1c: Serve the JavaScript from your local dev environment, but load that JavaScript from inside a SharePoint page using e.g. the modern script editor)


2) Use the Microsoft Graph endpoint.
This is an alternative endpoint that gives you access to SharePoint Search. You can play around with that using this site
https://developer.microsoft.com/en-us/graph/graph-explorer

You need to create an app, see this tutorial on how to do that https://learn.microsoft.com/en-us/graph/tutorials/javascript?tabs=aad . That tutorial teaches you to access your mailbox; if you want to access SharePoint then you need to request the additional permission "Sites.Read.All". After that you can use the search endpoint as described here https://learn.microsoft.com/en-us/graph/search-concept-files


I know this is all a bit much, but these are general answers.

What exactly are you trying to build? I don't mean the request itself, but the business case?

Best Regards,
Sven

 


If your JavaScript code is called from a page
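
The two errors in this thread follow from how the browser applies CORS to requests sent with and without credentials. The code below is an added example, not code from any poster: it models the CORS check from the Fetch standard, and the function names, sample response headers and status codes are constructed for illustration (it assumes the server requires a login and the browser holds a valid session when credentials are sent).

```javascript
// Added example: simplified model of the browser's CORS check (Fetch standard).
// Response headers and status codes below are constructed sample values.

// withCredentials mirrors xhr.withCredentials / fetch's credentials: "include";
// without it, a cross-origin XHR sends no cookies or HTTP authentication.
function corsCheck(pageOrigin, withCredentials, responseHeaders) {
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = v;
  const allowOrigin = h["access-control-allow-origin"];

  if (allowOrigin === undefined) {
    return { readable: false, reason: "no Access-Control-Allow-Origin header" };
  }
  if (allowOrigin === "*") {
    // The wildcard is honoured only for requests made without credentials.
    return withCredentials
      ? { readable: false, reason: "wildcard not allowed with credentials" }
      : { readable: true, reason: "wildcard accepted" };
  }
  if (allowOrigin !== pageOrigin) {
    return { readable: false, reason: "origin mismatch" };
  }
  if (withCredentials && h["access-control-allow-credentials"] !== "true") {
    return { readable: false, reason: "Access-Control-Allow-Credentials is not true" };
  }
  return { readable: true, reason: "origin allowed" };
}

// What the calling script observes: the server's status, or an opaque CORS failure.
function scriptSees(pageOrigin, withCredentials, serverStatus, responseHeaders) {
  const check = corsCheck(pageOrigin, withCredentials, responseHeaders);
  return check.readable ? `HTTP ${serverStatus}` : `CORS error: ${check.reason}`;
}

const DEV = "http://127.0.0.1:1234"; // page origin quoted in the thread's error
const wildcard = { "Access-Control-Allow-Origin": "*" };
const explicit = {
  "Access-Control-Allow-Origin": DEV,
  "Access-Control-Allow-Credentials": "true",
};
// Assumed: the server answers 401 when no credentials arrive, 200 when they do.
const results = {
  noHeader: scriptSees(DEV, false, 401, {}),
  wildcardAnonymous: scriptSees(DEV, false, 401, wildcard),
  wildcardWithCredentials: scriptSees(DEV, true, 200, wildcard),
  explicitWithCredentials: scriptSees(DEV, true, 200, explicit),
};
console.log(results);
```

Allowing credentials for an origin lets any script served from that origin read authenticated responses, so a server-side allowlist should contain only origins you control.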