• This email address is being protected from spambots. You need JavaScript enabled to view it.

    Recent items


In the last period, This email address is being protected from spambots. You need JavaScript enabled to view it. and I are working hard with AirWarch environment (in special case AirWatch Browser) and our applications based on SharePoint 2013.

One of the most important (and dangerous) issue is related to the javascript Cross Domain (if you don't know what it's, I''m suggesting you to read this article).

We had a lot of applications that get data, manipulate it and forwarded to other applications from other applications. Unfortunately, all of these applications has their own URLs and a lot of them are in different domains.

We started to analyze the issue finding a workaround that is not impacting our infrastructure too much. Following, the description of the workaround:

  • we created new URLs for the applications in cross domain area in order to have URLs in the form of subdomain. This is an example
    • imagine to have 2 applications: A with URL and application B with If from application A you try to call a WebService or another service via ajax (javascript), AirWach Browser will block it to avoid the issue of cross domain (for security reason)
  • our idea  (and the solution is):
    • create for application B an additional URL like
    • On IIS we added to the bindings of the web application the new URL
    • checked if the application is adding to the response the header "Access-Control-Allow-Origin". We did not have it, so to have it, we created the Global.asax object and into the Global.asax.cs class we added the following code

Show/Hidden csharp code

View source
protected void Application_BeginRequest(object sender, EventArgs e)
    HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin" , "*");
    if (HttpContext.Current.Request.HttpMethod == "OPTIONS")
        HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "GET, POST");
        HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Accept");
        HttpContext.Current.Response.AddHeader("Access-Control-Max-Age", "1728000");

Magically, everything started to work fine. With this approach, we are now able to allow applications to communicate each other.

Published in SharePoint