Cross Domain SPService Request

Oct 15, 2012 at 7:42 PM

Hi All,

I am trying to use the code below.  I am having an issue with all FF and Chome.  I can get this the result of the GetListItems to comeback and display in IE9, but no other browsers.  I looked at the fiddler request for the three (below) and there is only one request with a 401 Unauthorized from FF and Chrome, whereas IE returns the expected result.  I've tried both

including $.support.cors = true;  and crossDomain: true.

But that doesn't resolve the issue.  Based on this post (1), I tried withCredentials -- but even IE comes back with Unauthorized.

(1) - http://spservices.codeplex.com/discussions/347000

<script language="javascript" type="text/javascript">
$(document).ready(function() {
$.support.cors = true;
  $().SPServices({
    operation: "GetListItems",
crossDomain: true,
    async: false,
    listName: "Navigation",
    webURL: "http://domaina.com/Central/",
    CAMLViewFields: "<ViewFields><FieldRef Name='Title' /></ViewFields>",
    completefunc: function (xData, Status) {
      $(xData.responseXML).SPFilterNode("z:row").each(function() {
        var liHtml = "<li>" + $(this).attr("ows_Title") + "</li>";
        $("#tasksUL").append(liHtml);
      });
    }
  });
});
</script>
<ul id="tasksUL"/>

POST /Central/_vti_bin/Lists.asmx HTTP/1.1
Accept: application/xml, text/xml, */*; q=0.01
Content-Type: text/xml;charset='utf-8'
Referer: http://betadev.my.pg.com/Pages/adam.aspx
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/5.0)
Host: dcspd.pg.com
Content-Length: 513
DNT: 1
Connection: Keep-Alive
Pragma: no-cache

Navigation0
HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/7.0
SPRequestGuid: 59439aa3-6085-41a6-baa7-9bdef946cb9f
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.6123
X-MS-InvokeApp: 1; RequireReadOnly
Date: Mon, 15 Oct 2012 18:33:18 GMT
Content-Length: 0
Proxy-Support: Session-Based-Authentication


------------------------------------------------------------------
POST /Central/_vti_bin/Lists.asmx HTTP/1.1
Accept: application/xml, text/xml, */*; q=0.01
Referer: http://betadev.my.pg.com/Pages/adam.aspx
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 0
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/5.0)
Host: dcspd.pg.com
DNT: 1
Authorization: NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAvAjAAAADw==
Connection: Keep-Alive
Pragma: no-cache
Content-Type: text/xml;charset='utf-8'


HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/7.0
SPRequestGuid: 84069cb6-8aea-409b-b23e-88165e3925a8
WWW-Authenticate: NTLM TlRMTVNTUAACAAAABAAEADgAAAAFgomity4rme8IY2QAAAAAAAAAAIoAigA8AAAABgByFwAAAA9OAEEAAgAEAE4AQQABABgAQgBEAEMALQBTAFAATQBNAFgAMQAwADIABAASAG4AYQAuAHAAZwAuAGMAbwBtAAMALABCAEQAQwAtAFMAUABNAE0AWAAxADAAMgAuAG4AYQAuAHAAZwAuAGMAbwBtAAUADABwAGcALgBjAG8AbQAHAAgArls4jAOrzQEAAAAA
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.6123
X-MS-InvokeApp: 1; RequireReadOnly
Date: Mon, 15 Oct 2012 18:33:18 GMT
Content-Length: 0
Proxy-Support: Session-Based-Authentication


------------------------------------------------------------------
POST /Central/_vti_bin/Lists.asmx HTTP/1.1
Accept: application/xml, text/xml, */*; q=0.01
Referer: http://betadev.my.pg.com/Pages/adam.aspx
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 513
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/5.0)
Host: dcspd.pg.com
DNT: 1
Content-Type: text/xml;charset='utf-8'
Connection: Keep-Alive
Pragma: no-cache
Authorization: NTLM TlRMTVNTUAADAAAAGAAYAH4AAAA0ATQBlgAAAAQABABYAAAAEgASAFwAAAAQABAAbgAAAAAAAADKAQAABYKIogYC8CMAAAAPfxeDx0s7gDJot9FkAL4g3W4AYQBjAG8AaABlAG4ALgBhAC4ANQBXADgALQBDAE8ASABFAE4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAm2O3QMYbLks9rA3/IDZWrwEBAAAAAAAArls4jAOrzQE+SV8Ch0GCcgAAAAACAAQATgBBAAEAGABCAEQAQwAtAFMAUABNAE0AWAAxADAAMgAEABIAbgBhAC4AcABnAC4AYwBvAG0AAwAsAEIARABDAC0AUwBQAE0ATQBYADEAMAAyAC4AbgBhAC4AcABnAC4AYwBvAG0ABQAMAHAAZwAuAGMAbwBtAAcACACuWziMA6vNAQYABAACAAAACAAwADAAAAAAAAAAAQAAAAAQAAC9AO7cln44OKWu43Y1ygiaaTBuxWmbCnCMWW/yCevXJwoAEAAAAAAAAAAAAAAAAAAAAAAACQAiAEgAVABUAFAALwBkAGMAcwBwAGQALgBwAGcALgBjAG8AbQAAAAAAAAAAAAAAAAA=

Navigation0
HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: text/xml; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
SPRequestGuid: a70d5330-9178-46de-8a2c-912f39e2dcfb
X-SharePointHealthScore: 0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.6123
X-MS-InvokeApp: 1; RequireReadOnly
Date: Mon, 15 Oct 2012 18:33:18 GMT
Content-Length: 829


OPTIONS /Central/_vti_bin/Lists.asmx HTTP/1.1
Host: dcspd.pg.com
Connection: keep-alive
Access-Control-Request-Method: POST
Origin: http://betadev.my.pg.com
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4
Access-Control-Request-Headers: origin, content-type, accept
Accept: */*
Referer: http://betadev.my.pg.com/pages/adam.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3


HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/7.0
SPRequestGuid: f2fb4d70-dfef-4780-a7bc-513bf8a86188
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.6123
X-MS-InvokeApp: 1; RequireReadOnly
Date: Mon, 15 Oct 2012 18:34:23 GMT
Content-Length: 0
Proxy-Support: Session-Based-Authentication

OPTIONS /Central/_vti_bin/Lists.asmx HTTP/1.1
Host: dcspd.pg.com
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Origin: http://domaina.com
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Pragma: no-cache
Cache-Control: no-cache


HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/7.0
SPRequestGuid: 3d49d4fd-2c5f-4617-b27e-1f6697d13c0d
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.6123
X-MS-InvokeApp: 1; RequireReadOnly
Date: Mon, 15 Oct 2012 18:35:46 GMT
Content-Length: 0
Proxy-Support: Session-Based-Authentication


POST /Central/_vti_bin/Lists.asmx HTTP/1.1
Accept: application/xml, text/xml, */*; q=0.01
Content-Type: text/xml;charset='utf-8'
Referer: http://domaina.com/Pages/adam.aspx
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/5.0)
Host: domainb.com
Content-Length: 513
DNT: 1
Connection: Keep-Alive
Pragma: no-cache

Navigation0
HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/7.0
SPRequestGuid: 59439aa3-6085-41a6-baa7-9bdef946cb9f
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.6123
X-MS-InvokeApp: 1; RequireReadOnly
Date: Mon, 15 Oct 2012 18:33:18 GMT
Content-Length: 0
Proxy-Support: Session-Based-Authentication


------------------------------------------------------------------
POST /Central/_vti_bin/Lists.asmx HTTP/1.1
Accept: application/xml, text/xml, */*; q=0.01
Referer: http://domaina.com/Pages/adam.aspx
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 0
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/5.0)
Host: domainb.com
DNT: 1
Authorization: NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAvAjAAAADw==
Connection: Keep-Alive
Pragma: no-cache
Content-Type: text/xml;charset='utf-8'


HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/7.0
SPRequestGuid: 84069cb6-8aea-409b-b23e-88165e3925a8
WWW-Authenticate: NTLM TlRMTVNTUAACAAAABAAEADgAAAAFgomity4rme8IY2QAAAAAAAAAAIoAigA8AAAABgByFwAAAA9OAEEAAgAEAE4AQQABABgAQgBEAEMALQBTAFAATQBNAFgAMQAwADIABAASAG4AYQAuAHAAZwAuAGMAbwBtAAMALABCAEQAQwAtAFMAUABNAE0AWAAxADAAMgAuAG4AYQAuAHAAZwAuAGMAbwBtAAUADABwAGcALgBjAG8AbQAHAAgArls4jAOrzQEAAAAA
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.6123
X-MS-InvokeApp: 1; RequireReadOnly
Date: Mon, 15 Oct 2012 18:33:18 GMT
Content-Length: 0
Proxy-Support: Session-Based-Authentication


------------------------------------------------------------------
POST /Central/_vti_bin/Lists.asmx HTTP/1.1
Accept: application/xml, text/xml, */*; q=0.01
Referer: http://domaina.com/Pages/adam.aspx
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 513
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; WOW64; Trident/5.0)
Host: domainb.com
DNT: 1
Content-Type: text/xml;charset='utf-8'
Connection: Keep-Alive
Pragma: no-cache
Authorization: NTLM TlRMTVNTUAADAAAAGAAYAH4AAAA0ATQBlgAAAAQABABYAAAAEgASAFwAAAAQABAAbgAAAAAAAADKAQAABYKIogYC8CMAAAAPfxeDx0s7gDJot9FkAL4g3W4AYQBjAG8AaABlAG4ALgBhAC4ANQBXADgALQBDAE8ASABFAE4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAm2O3QMYbLks9rA3/IDZWrwEBAAAAAAAArls4jAOrzQE+SV8Ch0GCcgAAAAACAAQATgBBAAEAGABCAEQAQwAtAFMAUABNAE0AWAAxADAAMgAEABIAbgBhAC4AcABnAC4AYwBvAG0AAwAsAEIARABDAC0AUwBQAE0ATQBYADEAMAAyAC4AbgBhAC4AcABnAC4AYwBvAG0ABQAMAHAAZwAuAGMAbwBtAAcACACuWziMA6vNAQYABAACAAAACAAwADAAAAAAAAAAAQAAAAAQAAC9AO7cln44OKWu43Y1ygiaaTBuxWmbCnCMWW/yCevXJwoAEAAAAAAAAAAAAAAAAAAAAAAACQAiAEgAVABUAFAALwBkAGMAcwBwAGQALgBwAGcALgBjAG8AbQAAAAAAAAAAAAAAAAA=

Navigation0
HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: text/xml; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
SPRequestGuid: a70d5330-9178-46de-8a2c-912f39e2dcfb
X-SharePointHealthScore: 0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.6123
X-MS-InvokeApp: 1; RequireReadOnly
Date: Mon, 15 Oct 2012 18:33:18 GMT
Content-Length: 829


OPTIONS /Central/_vti_bin/Lists.asmx HTTP/1.1
Host: domainb.com
Connection: keep-alive
Access-Control-Request-Method: POST
Origin: http://domaina.com
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4
Access-Control-Request-Headers: origin, content-type, accept
Accept: */*
Referer: http://domaina.com/pages/adam.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3


HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/7.0
SPRequestGuid: f2fb4d70-dfef-4780-a7bc-513bf8a86188
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.6123
X-MS-InvokeApp: 1; RequireReadOnly
Date: Mon, 15 Oct 2012 18:34:23 GMT
Content-Length: 0
Proxy-Support: Session-Based-Authentication

OPTIONS /Central/_vti_bin/Lists.asmx HTTP/1.1
Host: domainb.com
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Origin: http://domaina.com
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Pragma: no-cache
Cache-Control: no-cache


HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/7.0
SPRequestGuid: 3d49d4fd-2c5f-4617-b27e-1f6697d13c0d
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.6123
X-MS-InvokeApp: 1; RequireReadOnly
Date: Mon, 15 Oct 2012 18:35:46 GMT
Content-Length: 0
Proxy-Support: Session-Based-Authentication

Oct 16, 2012 at 3:03 AM
I don't think those browsers support cross domain scripting. IE does but only after a warning and the URL has to be in the same intranet (I think). My advice is to not rely on that method unless jsonp is supported by the remote server.

_____
Paul

Sent from mobile device.