POST Requests Throwing 403 Error about sp-rest-proxy HOT 11 CLOSED

Hi Adam,

Thank you for pointing to the case when sp-rest-proxy failed with POST requests.
Long story short:

• _self.spr.requestDigest(url) received digest for a root site from settings
• that digest, for sure, is not valid for sub/web/sites

After a message from you saying that it were sub sites, I applied change and then noticed that what you offered in the email is exactly the same.

After a quick tests:

• endpoint in settings is http://contoso.com/web1, then it's a relative for proxy
• to get list data from sub web11 - /web11/_api/web/getList('/web1/web11/lists/MyList')/items

The thing for discussions and thinking for tasks when embeddable javascript app is developed as stand along, then published to SharePoint is path relativeness.

As it is it will work when siteUrl in settings corresponds to root '/' in SharePoint.
But when it is '/sites/site' then there is some difference in paths outside and inside SharePoint.
My idea is to map host names between and enhanced routing in proxy to deal only with relative paths which exactly the same in SharePoint.

Once again, thank you for assistance!

from sp-rest-proxy.

yes I did, I think you have to run the nodejs server on the same sharepoint server you want to access to

from sp-rest-proxy.

Hi guys,

Сertainly, Node.js server can run anywhere. The proxy itself is mostly for local experiments during a development cycle.
Request digest, when requesting through the proxy, is generated end encapsulated into the POST's request headers automatically.
Post requests for item creation work, well... worked, e.g..

But... Right now, I'm also observing the issue with getting request digest.
Will take a look as soon as I get to the office.

from sp-rest-proxy.

@ATrien,

On the machine, in the office, it worked with as is and with a first try:

$.ajax({
   url: '/_api/web/getList(\'/sites/dev01/Lists/Custom02\')/items', 
   method: 'POST',
   contentType: "application/json;odata=verbose",
   data: JSON.stringify({
       "__metadata": { "type": "SP.Data.Custom02ListItem" },
       "Title": "Created through proxy with $.ajax"
   }),
   success: d => console.log(d), 
   error: e => console.log(e.responseText)
});

// or

fetch('/_api/web/getList(\'/sites/dev01/Lists/Custom02\')/items', { 
    method: 'POST',
    headers: {
        'Accept': 'application/json',
        'Content-Type': 'application/json'
    },
    body: JSON.stringify({
        "__metadata": { "type": "SP.Data.Custom02ListItem" },
        "Title": "Created through proxy with fetch"
    })
})
    .then(r => r.json())
    .then(r => console.log(r))
    .catch(err => console.log(err));

What might be... NPM dependencies issue.
During testing on the current machine, the project was cloned and npm install was executed, clean install in other words.

Could you please try to:

• Drop npm_modules folder
• Run npm install inside project's folder
• Try item creation method
• Will it work?

P.S. I've published slightly bit updated (references update) version of sp-rest-proxy. Please try to use latest.

Looking forward hearing from you.

from sp-rest-proxy.

@koltyakov,

I am unfortunately still getting the same error after dropping npm_modules and doing an npm install.

Here is the request that I am sending:

$.ajax({
		url: this.site + '/_api/web/getList(\'/Lists/Test\')/items', 
		method: 'POST',
		contentType: "application/json;odata=verbose",
		data: JSON.stringify({
			"__metadata": { "type": "SP.Data.TestListItem" },
			"Title": "Created through proxy with $.ajax"
		}),
		success: d => console.log(d), 
		error: e => console.log(e.responseText)
	});

Here is the error:

403 - {"error":{"code":"-2130575251, System.Runtime.InteropServices.COMException","message":{"lang":"en-US","value":"The security validation for this page is invalid. Click Back in your Web browser, refresh the page, and try your operation again."}}}

The SP site that I am connecting to is SP2013 on-prem. It is interesting that you had different results from your different machines. I am going to go find the SharePoint logs to see if I can get more info. Let me know if you have other ideas for me to test or require more information.

from sp-rest-proxy.

After numerous experiments switching between different machines and environments (a couple of SPO and On-Prems), I have presumably found the issue. At least I can't reproduce it anymore.

Please try ver. 1.1.12 just published.

The issue, I faced, has been connected with "wizard mode". When private config is empty and the proxy asks for site url, domain, user name and password during starting up. It has been ending up with hashed/wrong password passed to SharePoint.

Maybe it's still something else but I have a feeling this time it should work.
Also, to be sure, please try to recreate _private.conf.json, it's better to recreate the password hash.

from sp-rest-proxy.

Unfortunately still no luck! I can run GET calls all day long so I know the credentials are being passed correctly. Any POST throws the 403 error. I cloned v. 1.1.12 and ran locally to ensure that I am on the current code base:

I also tested against a SharePoint Online site and received the same error. All my research points to the X-RequestDigest but it looks like it is being passed through correctly. The SharePoint logs did not shed any more light on the problem. Any other suggestions? Can you recreate on your non-work machine?

from sp-rest-proxy.

Today is definitely not my day =(

Could you try to:

• take ./config/_private.conf.json
• copy password hash value (UPD: I'm not sure that there will be a hash password there though since the update)
• replace it with raw password
• try request in action

• execute this code in a Node.js console:

var cpass = new (require('cpass'));
console.log(cpass.decode('_password_hash_from_private_config_'));

• will you see your password in output?

Notes:

• In a relative path only the relative /_api/web/so_on uri should be used

• Proxy takes relative uri and concatenate them with context.siteUrl from config

• On non-working machine, I can't reproduce access denied error since 1.1.12 anymore

If nothing helps then going one level deeper:

• Put the script in a test.js file
• Change values in config object
• and run node /test

var config = {
  "siteUrl": "http://server/sites/site",
  "username": "user.name",
  "password": "raw_password",
  "domain": "domain_name"
};

var request = require('sp-request').create(config);

request.get(config.siteUrl + '/_api/web')
    .then(function(response) {
        console.log('Get is OK');
    })
    .catch(function (err) {
        console.log('Get failed');
    });

request.requestDigest(config.siteUrl)
    .then(function(digest) {
        console.log('Digest received', digest);
    })
    .catch(function(err) {
        console.log('Digest failed');
    });

from sp-rest-proxy.

Well shoot, the tests all pass:

C:\source\insiten\sp-rest-proxy\sp-rest-proxy>node test
Get is OK
Digest received 0xA20BADE006A1FBBA154B7009114F2C1857F007A6711F3045B4A844D15DA25D5A7F524017C42F44864CD143CFEE33F598D031E1D15AC0070BF065F371193D92B7,17 Feb 2017 21:39:52 -0000

from sp-rest-proxy.

What about _private.conf.json?
If there will be raw password into it, will it work?

Passed tests, great! It says us that auth + environment are ok. Yeah, I know that Get passed well, but, anyway, it's strange, as Post failed without any reason on the surface.

from sp-rest-proxy.

yes, raw password is in _private.conf.json

from sp-rest-proxy.