Blogger

  • This email address is being protected from spambots. You need JavaScript enabled to view it.

    Recent items

Login

Friday, 20 January 2017 23:06

Workaround for javascript Cross Domain calls through AirWatch Browser in SharePoint

Written by
Rate this item
(0 votes)

In the last period, This email address is being protected from spambots. You need JavaScript enabled to view it. and I are working hard with AirWarch environment (in special case AirWatch Browser) and our applications based on SharePoint 2013.

One of the most important (and dangerous) issue is related to the javascript Cross Domain (if you don't know what it's, I''m suggesting you to read this article).

We had a lot of applications that get data, manipulate it and forwarded to other applications from other applications. Unfortunately, all of these applications has their own URLs and a lot of them are in different domains.

We started to analyze the issue finding a workaround that is not impacting our infrastructure too much. Following, the description of the workaround:

  • we created new URLs for the applications in cross domain area in order to have URLs in the form of subdomain. This is an example
    • imagine to have 2 applications: A with URL http://tetris.contoso.com and application B with http://pacman.contoso.com. If from application A you try to call a WebService or another service via ajax (javascript), AirWach Browser will block it to avoid the issue of cross domain (for security reason)
  • our idea  (and the solution is):
    • create for application B an additional URL like http://pacman.tetris.contoso.com.
    • On IIS we added to the bindings of the web application the new URL
    • checked if the application is adding to the response the header "Access-Control-Allow-Origin". We did not have it, so to have it, we created the Global.asax object and into the Global.asax.cs class we added the following code

Show/Hidden csharp code

View source
 
 
 
protected void Application_BeginRequest(object sender, EventArgs e)
{
    HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin" , "*");
    if (HttpContext.Current.Request.HttpMethod == "OPTIONS")
    {
        HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "GET, POST");
        HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Accept");
        HttpContext.Current.Response.AddHeader("Access-Control-Max-Age", "1728000");
        HttpContext.Current.Response.End();
    }
}
 
 
 

Magically, everything started to work fine. With this approach, we are now able to allow applications to communicate each other.

Read 830 times Last modified on Tuesday, 24 January 2017 22:03

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.