Cross domain requests issue

Mar 2, 2012 at 10:46 AM
Edited Mar 2, 2012 at 11:17 AM

Hello,

Thanks for such a great library ! I'm stuck with cross-domain requests. I have sharepoint page on http://xxxxxx.xxx.xx/site1/ site and trying to make SPService call (request to any web-service) to the http://yyyyy.yyy.yy/site2/ site. I use "webURL" parameter and tried to locate SPServices and jquery libraries on any location as it is proposed here http://sharepoint.stackexchange.com/questions/16456/unable-to-get-data-from-sharepoint-web-service, but without any success so far. It works great when I make calls to the sites within the same domain. I didn't get any errors in fiddler, callback function gets just "error" in xData.statusText and in Status. xData.responseXML is undefined.

Could you please help me?

Mar 2, 2012 at 11:11 AM
Edited Mar 2, 2012 at 11:18 AM

This is a by design browser security mechanism. However, you can use the jQuery.support.cors = true to enable cross-domain queries (Cross Origin Resource Sharing actually). Try it, but handle with care. Your browser must support this feature. Hope this helps.

http://api.jquery.com/jQuery.support/

cors is equal to true if a browser can create an XMLHttpRequest object and if thatXMLHttpRequest object has a withCredentials property. To enable cross-domain requests in environments that do not support cors yet but do allow cross-domain <abbr title="XMLHttpRequest">XHR</abbr>requests (windows gadget, etc), set $.support.cors = true;CORS WD

Mar 2, 2012 at 11:25 AM
Edited Mar 2, 2012 at 11:39 AM

Thank you very much for advise, but I still get the same error. I tried it under IE8, FF9.0.1 and Chrome 17. In chrome debug tool I got:

1) Failed to load resource: http://xxx.xxx.xxx/site1/_vti_bin/Lists.asmx the server responded with a status of 401 (Unauthorized)

2) "XMLHttpRequest cannot load http://xxx.xxx.xxx/site1/_vti_bin/Lists.asmx. Origin http://yyy.yyy.yyy is not allowed by Access-Control-Allow-Origin."

It seems that credentials for SPService call should be set somehow?

Mar 2, 2012 at 3:31 PM

Did you use the withCredentials option?

Mar 2, 2012 at 3:35 PM

No, but as I know, Internet Explorer 8 doesn’t support the withCredentials property, however IE is the main browser for sharepoint users. 

Mar 2, 2012 at 3:47 PM

Yes, and IE 9 is a recommended update in windows update services.

Mar 2, 2012 at 8:44 PM

Could you please help me to figure out how I can use withCredentials option for SPService calls?

Mar 3, 2012 at 12:35 AM

In addition the .cors option, jQuery 1.5 added an option called 'crossDomain' to the .ajax() method... you can set it globally so that SPServices calls will pick it up as well (unless Marc overrides it explicitly on each call)..

Also, remember, you are proving functionality ONLY available in IE....

Paul

Sent from mobile