Request header field SdkVersion is not allowed by Access-Control-Allow-Headers in preflight response

[jasontianxie]

hi,
when i send a request to download a file :GET /me/drive/items/{item-id}/content
it will get an error :Request header field SdkVersion is not allowed by Access-Control-Allow-Headers in preflight response.

in request header:
SdkVersion:graph-js-1.2.0

[muthurathinam]

@jasontianxie From where you are making your request ? is your Origin and Referer request headers are set ?
876750

[jasontianxie]

i make the reqest in web client side ,it is like this:
this.onedrive = MicrosoftGraph.Client.init({
authProvider: (done) => {
done(null, response.data[0].access_token);
}
});

this.onedrive.api('/me/drive/items/' + params.id + '/content').get().then.....

the request headers are :

Accept:/
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
Authorization:Bearer EwBQA8l6BAAURSN/FHlDW5xN74t6GzbtsBBeBUYAATZ4.....
Cache-Control:no-cache
Connection:keep-alive
Host:graph.microsoft.com
Origin:https://online.jason.zencoo.com
Pragma:no-cache
Referer:https://online.jason.zencoo.com/_/4.9.47/..../index.html
SdkVersion:graph-js-1.2.0
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36

[muthurathinam]

@jasontianxie
Can you provide me some more details.

1. Response headers for this get() request.
2. If there is a redirect request following this request, provide Request and Response headers
   (Note: Hide the Authorization header in your response).
3. Screen shot of console error if any.

[jasontianxie]

@muthurathinam
here are the infomations

1、Response headers for this get() request.
Generral：

Request URL:https://graph.microsoft.com/v1.0/me/drive/items/..../content
Request Method:GET
Status Code:302 Found
Remote Address:20.190.145.177:443
Referrer Policy:no-referrer-when-downgrade

Response headers:

Access-Control-Allow-Origin:*
Access-Control-Expose-Headers:ETag, Location, Preference-Applied, Content-Range, request-id, client-request-id
Cache-Control:private
client-request-id:3a2fbc2b-3ef0-4210-91be-12978dc6b67e
Content-Type:text/plain
Date:Tue, 11 Sep 2018 01:42:35 GMT
Duration:1283.9733
Location:https://public.ch.files.1drv.com/...../Getting%20started%20with%20OneDrive.pdf
request-id:3a2fbc2b-3ef0-4210-91be-12978dc6b67e
Strict-Transport-Security:max-age=31536000
Transfer-Encoding:chunked
x-ms-ags-diagnostic:{"ServerInfo":{"DataCenter":"South India","Slice":"SliceC","Ring":"4","ScaleUnit":"000","Host":"AGSFE_IN_6","ADSiteName":"INS"}}

2、redirect request headers

:authority:public.ch.files.1drv.com
:method:OPTIONS
:path:/..../Getting%20started%20with%20OneDrive.pdf
:scheme:https
accept:/
accept-encoding:gzip, deflate, br
accept-language:en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
access-control-request-headers:authorization,sdkversion
access-control-request-method:GET
cache-control:no-cache
origin:null
pragma:no-cache
referer:https://online.jason.zencoo.com/_/..../index.html
user-agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36

3、redirect response headers

access-control-allow-headers:Accept, Application, Authorization, Content-Range, Content-Type, If-Match, If-None-Match, Overwrite, Prefer, Range, X-HTTP-Method-Override, X-RequestStats, X-TransactionId, X-Upload-Content-Length, MS-CV, RequestFacts
access-control-allow-methods:GET, POST, DELETE, PATCH, PUT, HEAD, MOVE, COPY
access-control-allow-origin:null
access-control-expose-headers:Content-Range, ETag, Location, Preference-Applied, X-Resource-ID, X-ClientErrorCode
access-control-max-age:2592000
content-length:0
date:Tue, 11 Sep 2018 01:42:36 GMT
p3p:CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
status:200
strict-transport-security:max-age=31536000; includeSubDomains
x-asmversion:UNKNOWN; 19.134.826.2008
x-msedge-ref:Ref A: 76017A7709E44141B1047628357AAD0C Ref B: HK2EDGE1113 Ref C: 2018-09-11T01:42:36Z
x-msnserver:CH1AAP69242E46E

4、console error：
Failed to load https://public.ch.files.1drv.com/..../Getting%20started%20with%20OneDrive.pdf: Request header field SdkVersion is not allowed by Access-Control-Allow-Headers in preflight response.

[J3remyD]

Hello,

I have the same issue ! Do we have an ETA on that ?

Thanks,
Jérémy

[muthurathinam]

Downloading content from OneDrive

Hello @jasontianxie @J3remyD,

To download files from OneDrive in a JavaScript app you cannot use the /content API, since this responds with a 302 redirect. A 302 redirect is explicitly prohibited when a CORS preflight is required, such as when providing the Authorization header.

Instead, your app needs to select the @microsoft.graph.downloadUrl property, which returns the same URL that /content would have redirected to. This URL can then be requested directly using XMLHttpRequest. Because these URLs are pre-authenticated they can be retrieved without a CORS preflight request.

Example

To retrieve the download URL for a file, first make a request that includes the @microsoft.graph.downloadUrl property. This returns the download URL for a file in the response and you can retrieve the file with URL provided in @microsoft.graph.downloadUrl .

    client.api(`/me/drive/items/${itemId}`)
            .get()
            .then((response) => {
                downloadURL = response["@microsoft.graph.downloadUrl"];
                window.location.href = downloadURL;
            });

[J3remyD]

Helli @muthurathinam,

thank you very muche man, it works like a charm !!! :)

[jasontianxie]

@muthurathinam thanks

[muthurathinam]

Closing this thread.