I ran into this issue recently and ,although in hindsight I feel like it should have been obvious, it might save someone else some time.
I was working on an AngularJS form in a SharePoint Content Editor Web Part and part of that required making a call to the API for a help desk application. I started off creating this in our Dev environment and I ended up not being able to call the API directly due to cross-domain calls not being allowed from JavaScript. Since I didn't have control over the API to configure CORS I created a web service in our domain that made the API call. Due to something in the way our network is configured I ended up having to enable CORS anyway but everything ended up working great in Dev.
After the users tested and approved everything I deployed to Prod. Of all the possible issues I could have, the one I didn't expect was for the web service call to fail. I didn't even have to change the url in the code. When I debugged I was getting a forbidden error. I double checked that I had CORS enabled since some time had passed. I was also looking into whether something in the network might be causing the issue because, while our Dev environment is in house, the Prod environment is hosted elsewhere. One thing I found strange was the in trying to view the call in Fiddler, I couldn't even see it. Trying again in Dev Fiddle did pick up the call.
After pulling out my hair for a while I finally realized that Prod uses a secure connection while Dev doesn't and the web server that was hosting the web service was also not secure. I asked our server guy if he could install an ssl cert on the web server and after he did that and I updated the url in my code everything worked perfectly.
The thing that made this take longer to figure out was that I thought from the error that I was getting a 403 Forbidden from the web server but it was the browser preventing me from making a call to an unsecured web service and that is why Fiddler didn't show the call because there was no call. I just wish the error had been clearer, it would have saved me a lot of time.
-Z
A blog about programming, technology and whatever else comes to mind.
No comments:
Post a Comment