有这样一个问题:我如何从另一台主机,另一台服务器,但在同一域内,对Sharepoint 2013/2016 REST api进行REST调用。
默认情况下,CORS策略将拒绝任何不来自同一主机的请求。
我正在尝试从其他主机检索一些执行AJAX REST请求的信息。
谢谢!
答案 0 :(得分:0)
启用SharePoint配置以启用跨域访问。
以下脚本由Ingo Karstein here
共享Add-PSSnapin Microsoft.SharePoint.PowerShell -EA 0
$localFarm = Get-SPFarm
$webapp = Get-SPWebApplication "http://sp:12001"
# Remove old web.config modifications of MyAuthenticationProvider
$oldMods = @();
$webapp.WebConfigModifications | ? { $_.Owner -eq "CrossSiteScripting" } | % {
$oldMods = $oldMods + $_
}
$oldMods | % {
$webapp.WebConfigModifications.Remove($_)
}
# update the Web Application and apply all existing web.config modifications - this executes the "remove" actions from above
$webapp.Update()
[Microsoft.SharePoint.Administration.SPWebService]::ContentService.ApplyWebConfigModifications()
#Wait until web.config modifications finished by timer job
while( (Get-SPTimerJob | ? { $_.Name -eq "job-webconfig-modification"}) -ne $null ) {
Write-Host "." -NoNewline
Start-Sleep 1
}
# New web.config modifications for MyAuthenticationProvider
$myModification1 = new-object Microsoft.SharePoint.Administration.SPWebConfigModification
$myModification1.Path = "configuration/system.webServer/httpProtocol/customHeaders"
$myModification1.Name = "add[@name='Access-Control-Allow-Origin'][@value='http://wfm:13002']"
$myModification1.Sequence = 0
$myModification1.Owner = "CrossSiteScripting"
#0 = for the enum value "SPWebConfigModification.SPWebConfigModificationType.EnsureChildNode"
$myModification1.Type = 0
$myModification1.Value = "<add name='Access-Control-Allow-Origin' value='http://wfm:13002' />"
$webapp.WebConfigModifications.Add($myModification1)
$myModification1 = new-object Microsoft.SharePoint.Administration.SPWebConfigModification
$myModification1.Path = "configuration/system.webServer/httpProtocol/customHeaders"
$myModification1.Name = "add[@name='Access-Control-Request-Method'][@value='GET,POST,HEAD,OPTIONS']"
$myModification1.Sequence = 0
$myModification1.Owner = "CrossSiteScripting"
$myModification1.Type = 0
$myModification1.Value = "<add name='Access-Control-Request-Method' value='GET,POST,HEAD,OPTIONS' />"
$webapp.WebConfigModifications.Add($myModification1)
$myModification1 = new-object Microsoft.SharePoint.Administration.SPWebConfigModification
$myModification1.Path = "configuration/system.webServer/httpProtocol/customHeaders"
$myModification1.Name = "add[@name='Access-Control-Request-Headers'][@value='Content-Type,Authorization']"
$myModification1.Sequence = 0
$myModification1.Owner = "CrossSiteScripting"
$myModification1.Type = 0
$myModification1.Value = "<add name='Access-Control-Request-Headers' value='Content-Type,Authorization' />"
$webapp.WebConfigModifications.Add($myModification1)
$myModification1 = new-object Microsoft.SharePoint.Administration.SPWebConfigModification
$myModification1.Path = "configuration/system.webServer/httpProtocol/customHeaders"
$myModification1.Name = "add[@name='Access-Control-Allow-Credentials'][@value='true']"
$myModification1.Sequence = 0
$myModification1.Owner = "CrossSiteScripting"
$myModification1.Type = 0
$myModification1.Value = "<add name='Access-Control-Allow-Credentials' value='true' />"
$webapp.WebConfigModifications.Add($myModification1)
$webapp.Update()
[Microsoft.SharePoint.Administration.SPWebService]::ContentService.ApplyWebConfigModifications()
#Wait until web.config modifications finished by timer job
while( (Get-SPTimerJob | ? { $_.Name -eq "job-webconfig-modification"}) -ne $null ) {
Write-Host "." -NoNewline
Start-Sleep 1
}
我的测试结果:
<!DOCTYPE html>
<html>
<head>
<title></title>
<meta charset="utf-8" />
</head>
<body>
<input id="Button1" type="button" onclick="getListItems()" value="button" />
<script type="text/javascript" src="https://code.jquery.com/jquery-1.12.4.js"></script>
<script type="text/javascript">
function getListItems() {
var dataEndPoint = "http://sp:12001/_api/web/lists/getbytitle('Versions')/items";
$.ajax({
url: dataEndPoint,
type: "GET",
headers: {
"Accept": "application/json;odata=verbose"
},
crossDomain: true,
xhrFields: { withCredentials: true },
success: function (data) {
alert(data.d.results.length);
},
error: function (response) {
alert("Error");
}
})
}
</script>
</body>
</html>