CORS usage

Navya Canumalla edited this page May 5, 2018 · 2 revisions

To make CORS API calls, you need to specify the list of API endpoints in the endpoints config option.

Example Angular JS snippet:

// endpoint to resource mapping
var endpoints = {
    "https://yourhost/api": "b6a68585-5287-45b2-ba82-383ba1f60932",

        tenant: "52d4b072-9470-49fb-8721-bc3a1c9912a1", // Optional by default, it sends common
        clientId: "e9a5a8b6-8af7-4719-9821-0deef255f68e", // Required
        endpoints: endpoints  // If you need to send CORS API requests.
    $httpProvider   // pass http provider to inject request interceptor to attach tokens

ADAL's interceptor gets the access tokens using a hidden Iframe for the given CORS API endpoints. The Iframe accesses cookies for the same domain that you did the initial sign in.

Note: Since IE does not allow to access cookies in an IFrame for localhost, your URL needs to be a fully qualified domain i.e Chrome does not have this restriction.

The app code calling the API needs to be as shown below. Note that in your API project, you must enable CORS API support to receive pre-flight requests.

'use strict';
app.factory('contactService', ['$http', function ($http) {
    var serviceFactory = {};

    var _getItems = function () {
        $http.defaults.useXDomain = true;
        delete $http.defaults.headers.common['X-Requested-With'];
        return $http.get('');

    serviceFactory.getItems = _getItems;

    return serviceFactory;

You can check out this full sample for a CORS API example.

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.