I have a provider hosted app, deployed to SharePoint Online, with the remote web hosted in an Azure Web App.
The remote web presents an HTML5 form, using CSOM to read data from managed metadata term sets to populate options in select controls, and generates client-side PeoplePicker controls using the PnP PeoplePicker sample JSOM code, which uses the cross-domain library (SP.RequestExecutor.js).
On submit it saves the form data to a list in the host web using CSOM.
The form is presented in an App Part, and key properties (e.g. term store name) are set in and read from the app part properties so the app can work across different environments. To ensure this works there’s some logic which disallows the form to be used outside of the App Part.
This all works perfectly except where the user is using IE and where the host web and the remote web are in different IE security zones. In this case, the form loads just fine, but when the user hits Submit and the postback occurs the error “An error occurred while processing your request” is displayed.
On postback the Page_PreInit method evaluates the redirect status as RedirectionStatus.CanNotRedirect:
That’s because the SharePointContext.CheckRedirectionstatus method detects that there is a parameter called “SPHasRedirectedToSharePoint” in the query string, and returns RedirectionStatus.CanNotRedirect:
I’m fairly sure this is because of calls being made between different IE security zones (but I’m not sure and totally open to other ideas). Sharepoint.com is in Trusted Sites, but azurewebsites.net is not. Putting the host web and the remote web in the same security zone makes the error go away, but that isn’t an acceptable workaround for an enterprise deployment where many users are outside the corp network. The error doesn't occur in Chrome etc, where security zones aren't used.
I tried implementing the ‘apphost pattern’ described at https://msdn.microsoft.com/en-us/library/office/jj612823.aspx. It seems like an awful hack to me. Apart from anything, this involves THREE iFrames (!!!) – one in the App Part, one on the AppHost.aspx page, and another created by SP.RequestExecutor.js. So it’s an iFrame, within an iFrame, within an iFrame. Ugh! In any case I tried it and can’t get it to push the App Part properties through to the AppHost, and then through again to the remote web URL. I need to modify the src of the SPAppIframe control to append the query string parameters representing the App Part properties, but I can’t get this to work. I can’t change the src of the SPAppIFrame control in code behind as I can’t add a reference to Microsoft.SharePoint.dll to the project (SharePoint is not installed on my dev machine, and I believe wouldn’t work anyway as that’s the server-side code… right?).
I tried changing the src using JavaScript, but although the src attribute is successfully changed and the iframe reloads, it reloads using the original URL, without the required query string params. I can’t figure out why that is.
Does anyone have any suggestions for how I can make this work please? I can’t help thinking this can’t (shouldn’t?) be this difficult….!
Thanks, Anthony