Search code examples
office-jsoutlook-addinoffice-addinsoutlook-web-addinsoutlook-restapi

Outlook Addin getting CORS when making request to ewsURL

I have developed an Outlook add-in that makes ajax request to ewsURL.

Here is an exmaple how I do request to ewsUrl:

Office.context.mailbox.getCallbackTokenAsync(function(result) {
  var token = result.value;
  var ewsurl = Office.context.mailbox.ewsUrl;
  var itemId = Office.context.mailbox.item.itemId;
  var envelope = getSoapEnvelope(itemId); // builds soap request

  var xhttp = new XMLHttpRequest();
  xhttp.open("POST", ewsurl, true);
  xhttp.setRequestHeader("Content-type", "application/soap+xml");
  xhttp.setRequestHeader("Authorization", "Bearer " + token);
  xhttp.send(envelope);

  xhttp.onload = function() {
  // never comes here
  };

  xhttp.onprogress = function(event) {
  // never comes here
  };

  xhttp.onerror = function() {
  // COMES HERE IMMEDIATELY and ERROR ABOUT CORS IN CONSOLE
  };
});

that throw me an CORS issue

Access to XMLHttpRequest at 'https://outlook.office365.com/EWS/Exchange.asmx' from origin 'https://myorg.github.io' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

and here is how it looks in console on the network tab

enter image description here

I have included 'https://myorg.github.io' into my manifest in AppDomains

<AppDomains>
  <AppDomain>https://metz-dk.github.io</AppDomain>
</AppDomains>

However that did not change anything.

If I try to do requests from Postman things work as expected and here are response headers (not sure it is helpful)

cache-control: private
transfer-encoding: chunked
content-type: text/xml; charset=utf-8
server: Microsoft-IIS/10.0
request-id: bfac7074-180b-2e3d-2a55-94525741a78d
alt-svc: h3=":443",h3-29=":443"
x-calculatedfetarget: AS9PR06CU014.internal.outlook.com
x-backendhttpstatus: 200; 200
set-cookie: exchangecookie=hash32chars; path=/; secure
x-feproxyinfo: AS9PR06CA0415.EURPRD06.PROD.OUTLOOK.COM
x-calculatedbetarget: AM7P191MB0851.EURP191.PROD.OUTLOOK.COM
x-rum-validated: 1
x-ms-appid: a18de30c-141b-4967-90a6-793df473fcb0
x-ewshandler: GetItem
x-aspnet-version: 4.0.30319
x-besku: WCS6
x-diaginfo: AM7P191MB0851
x-beserver: AM7P191MB0851
x-proxy-routingcorrectness: 1
x-proxy-backendserverstatus: 200
x-feserver: AS9PR06CA0415; GV3P280CA0046
x-firsthopcafeefz: GVX
x-powered-by: ASP.NET
date: Tue, 23 Nov 2021 14:13:22 GMT

Any ideas what could be wrong?

Thanks.

Solution

  • I could not solve the original issue with CORS but instead I followed suggestion from @outlookAdd-insTeam-MSFT and moved logic that pull email to my server (where email have to be stored anyway). So the code runs on server now instead of frontend (addin).