Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

OneDrive oAuth token request gets CORS error

Tags:

onedrive

I'm working on an single page application that also needs offline access to Microsoft OneDrive. Accordingly I direct the user to authenticate with OneDrive using the code flow method.

The code is successfully retrieved by the application, but when a call is made to https://login.live.com/oauth20_token.srf the request fails with a CORS error.

See attached image for the HTTP headers from my javascript console on Chrome. The response from the server is missing the header

Access-Control-Allow-Origin: which causes a CORS error

How do I enable CORS access for my app? I don't see any options in the developer console?

Thanks! enter image description here

like image 342
yegodz Avatar asked Sep 02 '25 17:09

yegodz

2 Answers

You should be able to make authenticated requests with CORS to the OneDrive API's after you've received the access_token. From the HTTP headers provided, it looks like you'll need to perform one more call to redeem the code for an access token. You might want to see http://onedrive.github.io/auth/msa_oauth.htm (step 2). After you've received the access token, you will want to add the access token in the "Authorization" header of your request. Example of the HTTP request using CORS and response header below. I hope that helps.

var xhr = new XMLHttpRequest();
var oauthAccessToken = accessTokenStoredHere();
xhr.open('GET',
  'https://api.onedrive.com/v1.0/drive/');
xhr.setRequestHeader('Authorization',
  'Bearer ' + oauthAccessToken);
xhr.send();
GET /v1.0/drive/ 
HTTP/1.1
Authorization:Bearer YOUR_ACCESS_TOKEN
Host:api.onedrive.com
X-Target-URI:https://api.onedrive.com
Connection:Keep-Alive
like image 72
Toan-Nguyen Avatar answered Sep 07 '25 21:09

Toan-Nguyen

Right now seems that there are no ways to fix this problem, but I found a work-around for developers.

If you are using Chrome as your browser, you can download this extension, and enable it when you are trying to authenticate. However, I don't think you want to ask the users to download this extension since this will sometimes cause security issue, and enabling it all the time will cause errors when you are using other sites (try Google or Facebook, Google will simply crash the website, and Facebook will prompts you something wrong).

As a result, you may want to try the other flow type. Code flow seems to be working on other platforms other than in the browser.

like image 41
Anoxic Avatar answered Sep 07 '25 21:09

Anoxic

Sign in to Comment

Related questions

How to download read-only recordings on Teams

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!