Need help on sharepoint 2013 Rest API with Ajax Call

0
votes

Need help on sharepoint 2013 Rest API with Ajax Call.

I am trying to read the list items from publishing site to the team site. Both the sites are in different site collections.

The below code is worksfine in Internet explorer and not in Google chrome. 

$(document).ready(function() {
    $.support.cors = true;
    $.ajax({
        url:"http://icon.heart.com/WorkTools/Organization/Claim/_api/web/lists/getByTitle('Claims Links')/items?$top=200",
        type:"GET",
        headers:{"accept":"application/json;odata=verbose"},
        dataType: "json",
        success: function(data){ alert("pass")}
        error: function(Data){ alert ("Fail");}
    });  
});

The response had Http Status code 401. The error from the $.ajax request is

Failed to load resource : the server responded with a status of 401(unauthorized)

Error 2:

XML HttpRequest Cannot load No 'Access-control-Allow-Origin' header is present on the requested resource. Oringin 'url' is therefore not allowed access.

I don't have access to the servers. I need to try only with Script editor on SharePoint 2013 page.

4
sharepointsharepoint-2010sharepoint-2013
What error is returned by Chrome/Firefox, and what version of IE are you using?Daniel B
@Daniel -- error 1: Failed to load resource : the server responded with a status of 401(unauthorized) error 2: XML HTtpRequest Canot load No 'Access-control-Allow-Origin' header is present on the requested resource. Oringin 'url' is therefor not allowed access. The respinse had Http Status code 401 Unfortunately I dont have access to the servers. I have to fix this with OOB Controls. I am using Script editor in Sharepoint 2013 to run this !! Any idea ?Dhanasekaran G

4 Answers

1
votes

Most likely it occurs since Chrome refuses to set a an Origin header for a CORS request. It won't even let you explicitly override the Origin header. Basically this causes the server to see Origin: null, which results in a 403 in most cases. IE/Firefox apparently has no such constraint.

As a workaround in case of SharePoint On-Premises you could set a custom header in web.config:

<customHeaders>
    <add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>

or specify explicitly domain:

<customHeaders>
    <add name="Access-Control-Allow-Origin" value="http://anotherintra.contoso.com" />
</customHeaders>
0
votes

using OOB scripts, it will not be fixed. the changes need to be done at server side as specified by Vadim Gremyachev. Also it might work in IE8 but in IE10 it will show you a security pop up asking for accessing data from other domain.

0
votes
headers: {
           "Accept": "application/json; odata=verbose",
           "X-RequestDigest": $("#__REQUESTDIGEST").val()
         },

As explained in Work with __REQUESTDIGEST, some requests require to add the request digest. Even, if this is a get request and the explanation on the ms pages is for "non-GET" requests, it solved some unauthorized issues with my api SP GET calls too.

0
votes

It is possible the reason IE works and Chrome does not is due to how the respective browsers handle your credentials. To provide your credentials in chrome add the following code to your $.ajax call.

xhrFields: {
 withCredentials: true
},

see