Cors issues using sharepoint

Question

i'm trying to query using REST API (sharepoint) and get some results.

this is where i've started

https://www.slideshare.net/CoreyRoth/fives-ways-to-query-share-point-2013-search-sharepoint-summit-toronto-2013, slide 31

this is what i have

document.getElementById("restApi")
            .addEventListener("click", restApi, false);
    function restApi() {

        var queryUrl = "https://myAppDomain.org/_api/search/query?querytext='" + $("#restSearch").val() + "'";

        $.ajax({
            type: "GET",
            url: queryUrl,
            xhrFields: {
                withCredentials: true
            },
            headers: {
                "Accept": "application/json; odata=verbose"
            },
            success: function (data) {
                var results = data.d.query.PrimaryQueryResult.RelevantResults.Table.Rows.results;
            },
            error: function (error) {
            }
        });
    }

this is the problem.

XMLHttpRequest cannot load "https://myAppDomain.org/_api/search/query?querytext=x" No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:63734' is therefore not allowed access.

and another way i've tried providing password and username

headers: {
                "Accept": "application/json; odata=verbose",
                "password": "my password",
                "username": "my account name"
            },

for which i get

XMLHttpRequest cannot load https://myAppDomain.org/_api/search/query?querytext=x. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:63734' is therefore not allowed access. The response had HTTP status code 401.

I'm using .net webApi, for which i've installed the cors packages, configuration

 // Enabled cors
config.EnableCors(new EnableCorsAttribute("*", "*", "*") { SupportsCredentials = true });

The app are internal and i'm using windows credentials pass and account name.

So why am i getting this error, what do i do wrong?, i've searched and tried other solutions but always get the same problem related to

No 'Access-Control-Allow-Origin' header is present on the requested

Can you show your controller method that you are trying to hit? — Dylan
not trying to hit any controller. i'm requesting from client directly ,,, this is why i'm not sure i event need cors packages, i guess o added in mostly because i wanted to be sure — user6015054
So you dont have control over the Web API? You do not need CORS on the client side. Who ever you are making the request to needs to have to CORS enabled on their side. — Dylan
yes but ,, i'm not a share point developer, is my first interaction with it and i already hate this technology (don't want to say bad things about it). share point is the culprit her, because the cors is enabled on the other side. I used something called CSOM first time, and there are security issues, now i'm trying with Rest API and there are cors issues — user6015054
Haha, yeah not a huge fan either. But I think the key to getting this to work is enabling it on the sharepoint server (however that is done). Hopefully you can lookup some answers on how to get that done. — Dylan

Ivan Sangines Ivan Sangines · Accepted Answer · 2017-02-22T14:55:05

Open IIS
Go to Sites and find your Sharepoint site
Right-click -> Explore
Open web.config

Add the following code inside system.webServer node

<?xml version="1.0" encoding="utf-8"?>
    <configuration>
        <system.webServer>
            <httpProtocol>
               <customHeaders>
                 <add name="Access-Control-Allow-Origin" value="*" />
               </customHeaders>
            </httpProtocol>
        </system.webServer>
   </configuration>

Save and exit

Cors issues using sharepoint

3 Answers