Is the OneDrive support CORS for web-aplication ? RRS feed

  • Question

  • I registered a web application that needs to store data in cloud storage (OneDrive). Why cloud storage server does not include the line "Access-Control-Allow-Origin: redirect domain" in response header?
    Tuesday, February 25, 2014 5:30 PM

All replies

  • Yes, we support CORS.  You can make an OPTIONS request for any path with the Origin and Access-Control-Request-Method headers set.

    The Javascript Web SDK makes these kinds of requests as well behind the scenes in new browsers (e.g. IE10).  You can see this for yourself if you go to http://isdk.dev.live.com in IE10+, click on F12 to bring up the Developer Toolbar, turn on network monitoring, and click on "Using the save to OneDrive picker".

    Carl Hirschman

    Tuesday, February 25, 2014 7:18 PM
  • Ok. I have successfully designed PUT-request. Now I'm writing a program for the GET-request to CORS. I'm using the browser object XMLHttpRequest. OneDrive-server responded (HTTP/1.1 200 OK). But not including the following string "Access-Control-Allow-Origin: redirect domain" in response header. The browser blocked access to attachment (application/json). Which header I did not specify in the GET-request?
    Wednesday, February 26, 2014 12:00 PM
  • Would you be able to share your code?

    Carl Hirschman

    Wednesday, February 26, 2014 11:47 PM
  • <!DOCTYPE html>
    <meta http-equiv="content-type" content="text/html; charset=utf-8">
    <a href="SKD-open.htm">SKD-open.htm</a>
    <div id="downloadFile_div">OneDrive open button to appear here</div>
    <label id="info"></label><br>
    <script type="text/javascript" s_rc="constants.js">
        var APP_CLIENT_ID = "00000000xxxxxxxx";
        var REDIRECT_URL = "http://model.exponenta.ru/.../...-open.htm";
    <script type="text/javascript" src="http://js.live.net/v5.0/ru/wl.js"></script>
    <script type="text/javascript">
    /*jslint bitwise: true, plusplus: true, todo: true, vars: true, white: true */
            client_id: APP_CLIENT_ID,
            redirect_uri: REDIRECT_URL,
            scope: "wl.skydrive", // wl.signin wl.skydrive_update
            response_type: "token"
            name: "skydrivepicker",
            element: "downloadFile_div",
            mode: "open",
            select: "single", // "multi",
            onselected: onFileOpenDialogOk,
            onerror: onLoginOrPickerDecline
        function onFileOpenDialogOk(response) {
            "use strict";
            var msg = "";
            if (!!response.data.files && response.data.files.length > 0) {
                var fileName = response.data.files[0].source,
                    db_CCL = { showAlert : function (message) {
                        document.getElementById("info").innerText = message;
                    xhr = new window.XMLHttpRequest();
                xhr.ontimeout = function () {
                    db_CCL.showAlert('Сервер не ответил на запрос\n(не передал файл ' + fileName + ')');
                xhr.onreadystatechange = function () {
                    if (xhr.readyState !== (xhr.DONE || 4)) { return; }
                    if (xhr.status === 200)         // HTTP-статус ОК
                        var i = 0 | 0, o = window.JSON.parse(xhr.responseText); //responseXML
                    else if (xhr.status === 0)      // HTTP-статус "ошибка сети (запрос к файлу на диске)"
                    { debugger; }
                    else if (xhr.status === 404)    // HTTP-статус "Not Found"
                    { db_CCL.showAlert('Запрошенный файл ' + fileName + ' отсутствует на сервере'); }
                try {
                    xhr.open("GET", fileName, true); // utf-8
                    //xhr.setRequestHeader("AppId", "xxxxxxx");
                    //xhr.setRequestHeader('Content-Type', 'application/json; charset=UTF-8');
                    //xhr.setRequestHeader("Origin", "http://model.exponenta.ru");
                    xhr.timeout = 10000;
                } catch (e) {
                    db_CCL.showAlert(e.message + "\nПрикладной интерфейс запросов к серверу (XMLHTTP)\nотключен в настройках браузера. Скрипт Jigrein4WEB\nне может получить файл " + fileName);
            document.getElementById("info").innerText =
                "Selected folders/files:" + msg;
        function onLoginOrPickerDecline(responseFailed) {
            document.getElementById("info").innerText =
                "Error getting folder/file info: " + responseFailed.error.message;

    Thursday, February 27, 2014 11:39 AM
  • You should try using the WL.api method instead to GET files and folders.

    You should also be able to simplify your code by using the WL.fileDialog method, as shown in the following code sample on the ISDK:


    Carl Hirschman

    Thursday, February 27, 2014 7:01 PM
  • The WL.api method allows to GET info about files and folders-info (info about files != files).

    1. A code example (ISDK) contains functions with the wrong names (getFiles = startCmdDIRonServer, onGetFilesComplete = onResiveDIRlog).
    2. My program should not be download a file (WL.download(..)) to save on user's local disk. I design an web-application that creates data (JSON) and change it in the browser. Data is stored in a browsers localStorage. Gateway to cloud storage (OneDrive) needs to transfer files to other computers (my application is hosted on the passive server).

    Please help me to get the content of the file as text-data for conversion to object in the browser (window.JSON.parse(xhr.responseText)).

    Friday, February 28, 2014 2:38 AM
  • You can try the following:

    (1) Use WL.api to GET <file_id>/content.  In otherwords, add "content" to the path in your GET.  This will return JSON with a "location" property.  This property contains a pre-auth URL to the file contents.

    (2) Use xhr to GET the file via the "location" property.

    Carl Hirschman

    Friday, February 28, 2014 7:35 PM
  • I checked the solution that you suggested. Read the documentation. My conclusion:
    Now 20140301, OneDrive cloud storage server does not support GET-request to CORS for web-aplication (for XMLHttpRequest). Server responded (HTTP/1.1 200 OK). But not including the following string in response header "Access-Control-Allow-Origin: redirect domain". The browser blocked access to attachment.
    Saturday, March 1, 2014 1:13 PM
  • Hi Nikolay

    I'm facing the same issue :

    I'm making a client side app which would put and get files to and from onedrive using REST api.

    These files are encrypted in js side before upload (with crypto.js).

    Thus I would like to download these files 'in memory' as blob to be able to decrypt them before saving to client filesystem.

    I'm figthing against the XmlHttpRequest I'm using to understand why I can see the file coming (using fiddler) but the request failed on JS side.

    seems this header is the answer :(

    did you find a solution or any workaround ?

    Blog Sharepoint : www.paslatek.net Twitter : @LimozinLionel

    Thursday, April 17, 2014 8:24 PM