Sudden CORS errors fetching https://rdweb.wvd.microsoft.com/api/feeddiscovery/webfeeddiscovery.aspx


We've built a solution (web part) that allows users to launch Windows Virtual Desktop apps and desktops from within SharePoint. For this, we used some of the ideas that were described in following article:

https://srdn.io/2020/05/retrieving-rdp-files-to-leverage-the-new-remote-desktop-client-for-connecting-to-windows-virtual-desktop-resources/

 

The first thing we do, from a client's perspective, is fetch the webfeeddiscovery xml from https://rdweb.wvd.microsoft.com/api/feeddiscovery/webfeeddiscovery.aspx. We parse the xml and try to read the Tenant Feed Url and then we continue with some other requests to show all apps and desktops in the web part.

 

Up until recently this worked fine and we were able to show the user a list of apps and desktops which he/she has access to and could then open these using a downloaded RDP file.

Unfortunately we're no longer able to use this endpoint because of CORS headers not being present in the response.

When we do a fetch to that webfeeddiscovery.aspx url (or a different url we've had some success with in the past: https://rdweb.wvd.microsoft.com/api/arm/feeddiscovery) we get the following message in Chrome:
 
Access to fetch at 'https://rdweb.wvd.microsoft.com/api/feeddiscovery/webfeeddiscovery.aspx' from origin 'https://[our-tenant].sharepoint.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
 
Checking the Network tab I can confirm that the response headers of my GET request indeed don't contain the necessary headers like 'Access-Control-Allow-Origin': https://[our-tenant].sharepoint.com. However, the OPTIONS request that's also being fired to this url, does contain these response headers. 
 
Is this something that was changed on Microsoft's end recently?
Could it be restored to its original configuration or are there alternatives to what we're trying to accomplish?
 
Mark
2 Replies

With the help of a colleague I was able to fix the issue myself. Apparently something changed on the service end that now requires an extra header:

 


With the addition of this header the request is now again successful:

'X-MS-User-Agent': 'com.microsoft.rdc.html/1.0.21.9'
 
... and the result is a working web part (or widget, to be more precise)!
 

@markydeparky 

aaaaand it's broken again... :cry:

 

Same CORS errors, even with the custom header added.

 

I checked the headers in the regular webclient (at https://rdweb.wvd.microsoft.com/arm/webclient/index.html) and noticed they updated the X-MS-User-Agent header to include a different (newer?) version: 

'X-MS-User-Agent': 'com.microsoft.rdc.html/1.0.21.16'
instead of
'X-MS-User-Agent': 'com.microsoft.rdc.html/1.0.21.9'
 
I updated the header in my code but this didn't fix it.
 
Please help! This doesn't seem to be the right way to integrate with WVD. But what is, then?
 
Mark
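
The behaviour reported in this thread (the OPTIONS response carries the CORS headers, the GET response does not, and the browser blocks the fetch) follows from the browser running its CORS check twice: once on the preflight and once on the actual response. The sketch below is an added example, not code from the posters or from Microsoft; it is a simplified model of the Fetch standard's checks, and the function names, the origin `https://tenant.example` and the sample response headers are constructed assumptions.

```javascript
// Added example: simplified model of the browser's CORS checks (Fetch standard).
// Header maps use lowercase names; the sample* values at the end are constructed.
const SAFE_HEADERS = new Set(['accept', 'accept-language', 'content-language']);
const SAFE_METHODS = new Set(['GET', 'HEAD', 'POST']);
const listOf = v => (v || '').split(',').map(s => s.trim().toLowerCase()).filter(Boolean);

// Check applied to every cross-origin response, preflight and actual alike.
function corsCheck(origin, resp, cred) {
  const allow = resp.headers['access-control-allow-origin'];
  if (allow === undefined) return 'no Access-Control-Allow-Origin header';
  if (!cred && allow === '*') return null;
  if (allow !== origin) return 'Access-Control-Allow-Origin does not match origin';
  if (cred && resp.headers['access-control-allow-credentials'] !== 'true')
    return 'Access-Control-Allow-Credentials is not true';
  return null;
}

// Returns { allowed, stage, reason } for a request plus its two responses.
function evaluate(req, preflight, actual) {
  const cred = req.credentials === 'include';
  const fail = (stage, reason) => ({ allowed: false, stage, reason });
  const custom = Object.keys(req.headers).map(h => h.toLowerCase())
    .filter(h => !SAFE_HEADERS.has(h));
  if (custom.length > 0 || !SAFE_METHODS.has(req.method)) {
    // A non-safelisted header or method makes the browser send OPTIONS first.
    const why = corsCheck(req.origin, preflight, cred);
    if (why) return fail('preflight', why);
    if (preflight.status < 200 || preflight.status > 299)
      return fail('preflight', 'preflight status is not 2xx');
    const methods = listOf(preflight.headers['access-control-allow-methods']);
    if (!SAFE_METHODS.has(req.method) && !(!cred && methods.includes('*')) &&
        !methods.includes(req.method.toLowerCase()))
      return fail('preflight', 'method not allowed');
    const headers = listOf(preflight.headers['access-control-allow-headers']);
    const missing = (!cred && headers.includes('*')) ? [] : custom.filter(h => !headers.includes(h));
    if (missing.length) return fail('preflight', 'header not allowed: ' + missing.join(', '));
  }
  // Passing the preflight is not enough: the actual response is checked again.
  const why = corsCheck(req.origin, actual, cred);
  return why ? fail('response', why) : { allowed: true, stage: 'response', reason: null };
}
const SAMPLE_ORIGIN = 'https://tenant.example'; // constructed placeholder origin
const sampleReq = { method: 'GET', origin: SAMPLE_ORIGIN, credentials: 'omit',
  headers: { 'X-MS-User-Agent': 'com.microsoft.rdc.html/1.0.21.16' } };
const samplePreflight = { status: 200, headers: {
  'access-control-allow-origin': SAMPLE_ORIGIN, 'access-control-allow-methods': 'GET',
  'access-control-allow-headers': 'x-ms-user-agent' } };
const sampleGet = { status: 200, headers: { 'content-type': 'application/xml' } };
console.log(evaluate(sampleReq, samplePreflight, sampleGet));
```

With the constructed responses above, the preflight passes and the request is still rejected at the `response` stage, which matches the Chrome message quoted in the first post.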