This post is article 19 from the 30 Articles App series for SharePoint.
In this article, I will discuss cross-domain calls: what they are and how to make them work for apps.
What is a Cross-Domain Call?
Cross-Site Request Forgery is an attack that tricks the victim into loading a page that contains a malicious request. It is malicious in the sense that it inherits the identity and privileges of the victim to perform an undesired function on the victim's behalf, such as changing the victim's e-mail address, home address, or password, or purchasing something. These types of attacks generally target functions that cause a state change on the server, but they can also be used to access sensitive data.
By default, browsers block this type of communication for security reasons; they don’t want malicious apps to grab data or execute code without users knowing it.
What to do when your app actually wants to make a safe and trusted cross-domain call?
The App model for SharePoint and its remote-hosting options quickly bring developers face to face with cross-domain challenges. So how do you achieve this trusted and secure connection? SharePoint offers a cross-domain JavaScript library, SP.RequestExecutor.js, which you can find in the LAYOUTS directory. By using this library, your app can incorporate information from SharePoint, and from your app that information can be used by other web apps.
How does it actually work?
Your app will also need permission to make cross-domain calls and must have a registration for the "allowed domains".
Check the next article to learn more about how to implement cross-domain calls in SharePoint Apps.
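One way an app page might call the library described above, as an added example that is not code from the original article: it checks the `SPHostUrl` and `SPAppWebUrl` query-string values against an expected tenant domain before building the request handed to `SP.RequestExecutor`. The function names and the `.sharepoint.example` suffix are assumptions made for illustration, and the executor is passed in as a parameter so the block also runs outside a browser.

```javascript
// Assumption: every site of the tenant lives under this suffix (constructed value).
const ALLOWED_HOST_SUFFIX = ".sharepoint.example";

// Read SPHostUrl / SPAppWebUrl from the query string of the app's start page
// and reject any value that is not HTTPS inside the expected tenant domain.
function readContextUrls(search) {
  const params = new URLSearchParams(search);
  const out = {};
  for (const key of ["SPHostUrl", "SPAppWebUrl"]) {
    const raw = params.get(key);
    if (!raw) throw new Error("missing " + key);
    const u = new URL(raw); // throws on malformed input
    if (u.protocol !== "https:" || !u.hostname.endsWith(ALLOWED_HOST_SUFFIX)) {
      throw new Error("untrusted " + key + ": " + raw);
    }
    out[key] = u.origin + u.pathname.replace(/\/+$/, "");
  }
  return out;
}

// Build the options object for SP.RequestExecutor.executeAsync (hypothetical helper).
function buildHostWebRequest(ctx) {
  // Single quotes are doubled so the value stays inside the OData string literal.
  const target = encodeURIComponent(ctx.SPHostUrl.replace(/'/g, "''"));
  return {
    url: ctx.SPAppWebUrl +
      "/_api/SP.AppContextSite(@target)/web/title?@target='" + target + "'",
    method: "GET",
    headers: { Accept: "application/json; odata=verbose" },
  };
}

// In the browser, after loading SP.RequestExecutor.js from the LAYOUTS directory:
//   readHostWebTitle(new SP.RequestExecutor(ctx.SPAppWebUrl), ctx)
function readHostWebTitle(executor, ctx) {
  return new Promise((resolve, reject) => {
    executor.executeAsync(Object.assign(buildHostWebRequest(ctx), {
      success: (res) => resolve(JSON.parse(res.body).d.Title),
      error: (res, code, msg) => reject(new Error(code + ": " + msg)),
    }));
  });
}
```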