CORS issue to access the SharePoint service within the SharePoint app.

VERIFIED INCOMPLETE

Status

()

Core
DOM: Security
VERIFIED INCOMPLETE
a year ago
a year ago

People

(Reporter: Subodh Kumar, Unassigned, NeedInfo)

Tracking

38 Branch
Unspecified
Windows 7
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

a year ago
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36

Steps to reproduce:

We are creating a SharePoint hosted app with Client AppPart. I am calling "User Profile Service" from SharePoint services to get the user information. But Unfortunately I am getting security issue on Mozilla and Chrome. While the same code is working on Microsoft Internet Explorer Browser. 

The error message is showing on Mozilla as below:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://one.aon.net/_vti_bin/userprofileservice.asmx. (Reason: CORS header 'Access-Control-Allow-Origin' missing). <unknown>
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://one.aon.net/_vti_bin/userprofileservice.asmx. (Reason: CORS request failed).  


Actual results:

Getting security related error and not getting any results from SharePoint User Profile service. The error is as below:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://one.aon.net/_vti_bin/userprofileservice.asmx. (Reason: CORS header 'Access-Control-Allow-Origin' missing). <unknown>
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://one.aon.net/_vti_bin/userprofileservice.asmx. (Reason: CORS request failed).


Expected results:

User information should get back from SharePoint service and security exception should not occurred.
(Reporter)

Updated

a year ago
Severity: normal → critical
OS: Unspecified → Windows 7
Priority: -- → P1

Updated

a year ago
Severity: critical → normal
Component: Untriaged → DOM: Security
Priority: P1 → --
Product: Firefox → Core
Summary: Issue to access the SharePoint service within the SharePoint app. → CORS issue to access the SharePoint service within the SharePoint app.
If both Firefox and Chrome are behaving the same way then it's likely that your app is not using CORS headers correctly. But without a working site to test against it's hard to say.
Flags: needinfo?(prajapati_subodh)
Status: UNCONFIRMED → RESOLVED
Last Resolved: a year ago
Resolution: --- → INCOMPLETE
We can reopen this if the reporter gets back to us.
(Reporter)

Comment 3

a year ago
I am from AON Hewitt. We are facing this issue on our company intranet environment. So it is very difficult to provide the live environment for this issue. If you want the pice of code that I can send to you.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.