How to get token to fire ews soap request using fetch in exchange onprem setup?
I am currently developing an Outlook add-in for an Exchange On-Premises environment and have encountered a limitation with attachment management, specifically around deleting attachments. Context: Environment: Exchange On-Premises (On-Prem) Target: Outlook Web App (OWA) Office.js Version Supported: <= 1.5 (limited feature set) Problem Details: Limitation of makeEWSRequestAsync: The makeEWSRequestAsync method in Office.js does not support the DeleteAttachment SOAP operation, which is required for my scenario. Attempted Workaround - Using fetch with EWS SOAP Request: I tried invoking the DeleteAttachment operation manually via a fetch call to the EWS endpoint. However, this requires a valid authentication token. The challenge is: I am unable to retrieve a valid token from Office.js in the Exchange On-Premises setup. Methods like Office.context.mailbox.getCallbackTokenAsync do not seem to provide usable tokens for this purpose. OWA Limitation: As OWA in this environment only supports Office.js up to version 1.5, the modern attachment APIs and Graph APIs are not an option. Question: In an Exchange On-Premises scenario, how can I programmatically delete attachments via my add-in? Specifically, is there a recommended approach to obtain a valid token for EWS requests, or any supported alternative to perform DeleteAttachment? If direct deletion is not supported in this environment, are there known workarounds or roadmap plans for better attachment handling in on-premises setups? Additional Notes: I am aware that Exchange Online supports more modern APIs (Graph/REST), but my current deployment is strictly Exchange On-Premises. The add-in works well for reading attachments and other operations, except for deletion. Any guidance or recommendations would be highly appreciated! Thank you in advance.
Outlook Web App (OWA) On-Premise without cloud integration
What needs to be done to operate Outlook Web App (OWA) On-Premise without cloud integration? It seems some people have asked this question for years but never got an answer. Examples: https://social.msdn.microsoft.com/Forums/ie/en-US/bcfb19d0-c8df-447c-a9a2-3b2bca8fcb4c/exchange2016-using-owa-internally-request-for-7-js-files-from-appsforofficemicrosoftcom?forum=exchangesvrdevelopment https://social.technet.microsoft.com/Forums/security/he-IL/06f5564d-bcb8-4b33-bcc8-da64fd8ccc79/content-security-policy-disable-access-to-appsforofficemicrosoftcom-in-outlook-web-app?forum=exchangesvrdevelopment When I use OWA On-Premise Microsoft Edge reports errors on the developer console (Hotkey [F12]): "Refused to load the stylesheet 'https://appsforoffice.microsoft.com/lib/1/hosted/office.js' because it violates the following Content Security Policy directive: "default-src 'self' data: 'unsafe-inline'". Note that 'style-src-elem' was not explicitly set, so 'default-src' is used as a fallback.