Office 365 and OneDrive APIs Now have CORS Support: Key for JavaScript Apps

JavaScript, by default, implements a “Same Origin Policy’”, which means that JavaScript can only make calls back to its originating domain.  For application developers using JavaScript to call external services through REST APIs, this is a big limitation as these services can live anywhere on the Internet across multiple domains.

Cross-origin Resource Sharing (CORS) is a standard mechanism to allow JavaScript applications to make call across domains.  The specification defines a set of headers in the HTTP call that allow the browser and the server to negotiate authorization as requests cross domains. 

Microsoft has just announced that CORS support is now available for Office 365 APIs, specifically the Sites APIs and the OneDrive APIs.  Mail/Calendar/Contacts APIs will support CORS soon.

The support for CORS is an ongoing evolution of the Office 365 APIs to support JavaScript and frameworks such as AngularJS as first class programming frameworks and to remove the need for server side code to work with Office 365 from your JavaScript code.