This project has moved and is read-only. For the latest updates, please go here.

Cross Domain Resource Sharing (CORS) & iOS HTML5 pages....

Feb 20, 2013 at 3:40 PM
Hi Marc,

We are planning on writing staright HTM5 pages that will be used on iOS devices. These pages will live on a sever that is in a different domain than our SharePoint server. I have a few questions about this scenario:
  1. Will we run into the CORS issue when making calls SharePoint's Web Services using SPServices?
  2. If there is a way around the CORS issue for SPServices, will the same work around work for the REST SharePoint services?
  3. Have you had any experinece using SPServices on iOS? Anything we need to watch out for?
Thanks for your help, love the library!
Feb 22, 2013 at 5:31 PM
Sorry for the delay in replying, Marcel.

I haven't done any calls from iOS, but several people have posted in these forums about it.

Using SPServices doesn't get you around any cross domain "issues". They aren't issues, they are security features. You will have to work with your network folks (yeah, have fun) to find out what level of trust that are willing to implement to help support you. SPServices won't be the barrier.

Feb 22, 2013 at 5:50 PM
As Marc said, SPServices won't have an impact on the cross domain security barriers. Most browsers will prevent scripting of those calls regardless of the connection method you employ. That said, some methods work better than others. JavaScript/jQuery cross domain calls to web services typically don't work well unless you're calling custom web services and have full trust solutions in place. I've seen better luck calling REST and parsing the output than using jQuery to call SOAP.

I've "circumvented" some of those restrictions by storing my JavaScript on the SharePoint system. If you load your JavaScript files from the domain you'll be making the web service call to, technically the scripts live on the same domain and it's less of a problem (unless there's some other firewall rules in place between domains). If they're truly separate domains you also have to deal with full or one-way AD trusts to make sure the correct authentication happens on the SharePoint side.

Custom app on loads its' jQuery and JavaScript from a library (or /_layouts) on, and calls SOAP services.