I'm trying to send POST Ajax request for third party service from my Outlook Add-in, but no matter what I tried I receiving Error: Access is denied, and status 0 (request never hit the server).
Assuming we are running IE9 or 8 behind the outlook I tried old school hacks like https://github.com/MoonScript/jQuery-ajaxTransport-XDomainRequest.
$.ajax({
url: endpoint,
data: JSON.stringify({'1':'2'}),
// headers: {'X-Requested-With': 'XMLHttpRequest'},
contentType: 'text/plain',
type: 'POST',
dataType: 'json',
error: function(xhr, status, error) {
// error
}
}).done(function(data) {
// done
});
Is there is something more I need to implement? Of cause I add my domain to manifest AppDomain property.
Cheers
The following needs to be done to send request to 3rd party service ...
Add the service URI to AppDomain list (you've done it.)
The service MUST have SSL endpoint; "https://your.domain" must be included within of "AppDomain" entry (see above)
The service has to allow CORS requests for your application (hosted Outlook App URI) domain or any domain. This is up to the service creators to allow or disallow client apps connections via Ajax.
As of observation of your code I notices you are sending JSON object, but setting content type to "text/plain". Contact the service creators to get information on what type of the data they accept as request. Usually services allow "application/json", but not plain text.
Related
In order to get oData from success factors odata service, I'm trying to setting up a connection between SuccessFactors and SAP BTP by creating a destination as reported in this official guide.
Using postman everything works fine but, once I check the connection of destination previously created, the response received is 401: Unauthorized.
Below the configuration of destination:
Here you can see the properties:
And here the response:
I know that is wrong but, for the sake of curiosity, I've also created a different destination with no authentication. Then directly from code I've developed three nested ajax requests. First provides the assertion, second the user token, third is the one which, leveraging the token, get the odata. Sadly response is always 401: Unauthorized.
Below the code of last ajax request, the other two are good:
// Validate access token
$.ajax({
type: 'GET',
headers: {
"Authorization": "Bearer " + sAccessToken
},
url: '/oauth/validate',
success: function(data){
console.log("Success: ", data);
},
error: function(e){
console.log(e);
}
});
Here the request header:
So not sure how your flow really is. Normaly you would connect to BTP via a SAP Approuter which has a xs-app.json which defines the routes and destinations to use. Then the Approuter would Exchange the internal BTP JWT with a SAML Assertion for Successfactors. If you want to request the authentication infos for yourself via the BTP Destination Service, you have to send a valid BTP JWT to the destination service via the HTTP Header field X-user-token and as a response you would get back a Successfactors OAuth bearer token.
See here
hope it helps
Regards
Mathias
I am new to Office.js API. I am trying to develop Web Add-In for Excel and I need to get data from WebAPI for this I am trying to use ajax but its not working
Here is very simple Ajax code
$.ajax({
url: "http://localhost:61721/api/values",
type: "GET",
dataType:"JSONP",
success: function (data) {
$("#div1").html(JSON.stringify(data));
},
error:function(error){}
});
Update
Is there any alternative way other than Ajax in Office.js through which we can get data from Web API?
From the client, AJAX requests must be send to SSL URIs and those URIs must be declared in AppDomain list of the app manifest. Please refer to: Send POST AJAX request from Office Add-In.
In the same time, if your app has server side portion of code, you may send direct request to any Web API from there. Nobody limit you in technology (REST, microservices, etc.) and nobody check your connection is secure, when using 3rd party resources from your server.
I have simple requirement here to fetch data from Exchange Online EWS API & SharePoint lists and display those data onto HTML page of Apps for Office. This office app should work on OWA (Web mail) as well as Outlook client. I was able to see the response data in browser (OWA - Web mail), but when I am trying to load the same add-in on outlook client it doesn't show the data and gives the error in errorMessage as:
No Transport
So, we did try enabling the CORS using $.support.cors = true as per this thread, but no luck with that and got Access Denied error.
Does anyone have found the solution for this kind of scenario. Any help would be much appreciated.
Below is code snippet where I am getting that error:
$.ajax({
url: "https://myazuretenant.azurewebsites.net/GetData.asmx/GetLocations",
type: "POST",
contentType: "application/json; charset=utf-8",
dataType: "json",
success: function (data) {
// Data Manipulation goes here
},
error: function (data, errorCode, errorMessage) {
app.showNotification('Error: ' + errorCode + ' - ' + errorMessage);
}
});
Note: Ajax request is going through the generic Web API (ASMX Service), which fetches the data using ExchangeService library (EWS API) and SharePoint.
I am making a JQuery ajax call to a web service like so:
$.ajax({
type: "POST",
url: "https://WebsiteName.com/Service.asmx/LoginExternal",
data: "{loginData: " + JSON.stringify(LoginData) + "}",
contentType: "application/json; charset=utf-8",
dataType: "json",
success: function (msg) {
... Stuff ...
},
error: {
... Error Alert ...
}
});
When I am on the actual web site, this succeeds. When I am on localhost and use a relative path, it succeeds. However, when I am trying to access the web site (using an absolute path) from localhost, I get the error message that the call failed.
This would seem to indicate that it is a permissions problem and I've made sure that the web.config doesn't require authentication for access to the web service but I'm not sure what else to check. Any help would be greatly appreciated!
Update: The "thrownError" that I am getting is "No Transport" - hopefully that helps.
Security:
http://en.wikipedia.org/wiki/Same_origin_policy
Being an unsecured scripting logic, ajax requests made using JavaScript (or JQuery) are stucked on same host, protocol and port, due to unauthenticated and unencrypted requests.
A method for passing requests to a different host, you must implement a bridge service written in a secure language (ex. Java), deployed on same host that passes your requests further to your services, and then passes response to your ajax call.
Your ajax call will be on the bridge service then.
On domain A (localhost:8080) I run this code to access an unauthenticating REST serivce on domain B (localhost):
req = new XMLHttpRequest();
req.open('GET', 'http://localhost/rest/service');
req.send();
This works fine and I do get my response across domains as I have Apache on domain B set the response header:
Header set Access-Control-Allow-Origin "http://localhost:8080"
However if I now turn on authentication for the REST service and try to run the same request:
req.open('GET', 'http://admin:admin#localhost/rest/service');
It now produces this error in Firebug:
Access to restricted URI denied" code: "1012
I'm confused that I am able to sucessfully make cross domain ajax calls to the authenticated service bypassing the same origin policy, yet when authentication is required on the service Firefox decides not to allow the ajax call? How can I fix this without using jsonp etc, as the production server won't be able to provide PHP or Servlet hosting.
It's easy with JQuery 1.5+, which I recommend you use for your JavaScript solution:
$.ajax({
url: 'http://admin:admin#localhost/rest/service',
crossDomain:true, // Here is the JSONP callback logic
success: function(data){
console.log(data); // data is what comes back from your remote file
}
});