Error Access to XMLHttpRequest at "http"rom origin has been blocked by CORS policy - Graph API -

Patrick Rote 101 Reputation points

Hi All,
I would like to retrieve list of recent files from a particular document library or site for the logged on user

This is using a content editor on a sharepoint classic site

When i run the code below i get error

Access to XMLHttpRequest at '' from origin '' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Using the code below to get an access token and i get the error above

var token;  
$(document).ready(function () {  

function requestToken() {  
    var clientId = ""
    var clientSecret = ""
    var tenantID = ""
    var uri = ""+ tenantID + "/oauth2/v2.0/token"

        "async": true,  
        "crossDomain": true,  
        "url": "", // Pass your tenant 

        "method": "POST",  
        "headers": {  
            "content-type": "application/x-www-form-urlencoded"  
        "data": {  
            "grant_type": "client_credentials",  
            "client_id ": clientId, //Provide your app id      
            "client_secret": clientSecret, //Provide your secret      
            "scope ": "",
            "redirectUri" :  ""
        success: function (response) {  
            token = response.access_token;  

        error: function (error) {  

I have setup the app registrations and also added Redirect URIs for SPA and Web

Not sure what else I'm missing

Thanks in Advance

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,974 questions
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
9,955 questions
{count} votes

Accepted answer
  1. MichaelHan-MSFT 18,021 Reputation points

    Hi @Patrick Rote ,

    I followed this post and could get the access token successfully,

    You need to change the url in AJAX call to:

    My demo code for you:

    $(document).ready(function () {  
          var token;  
          function requestToken() {  
              async: true,  
              crossDomain: true,  
              url: "", //pass your tenant  
              method: "POST",  
              headers: {  
                "content-type": "application/x-www-form-urlencoded",  
              data: {  
                grant_type: "client_credentials",  
                "client_id ": "xxx", //Provide your app id  
                client_secret: "xxx", //Provide your client secret genereated from your app  
                "scope ": "",  
              success: function (response) {  
                token = response.access_token;  
              error: function (error) {  

    Test result:


    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

2 additional answers

Sort by: Most helpful
  1. Wirasak Chomphu 5 Reputation points


    I'm now facing the same issue:
    It seem the request doesn't pass access control check, and it redirects to login again then gets the error. Can you please advise how I can fix it?


    MsalModule.forRoot( new PublicClientApplication({
        auth: {
            clientId: environment.appRegistry.clientId,
            authority: '' + environment.appRegistry.tenantId,
            redirectUri: environment.appRegistry.appUrl,
        cache: {
          cacheLocation: BrowserCacheLocation.LocalStorage,
      }), {
        interactionType: InteractionType.Redirect,
        authRequest: {
          scopes: ['']
      }, {
        interactionType: InteractionType.Redirect, 
        protectedResourceMap: new Map([ 
            ['', ['']],
    1 person found this answer helpful.

  2. Patrick Rote 101 Reputation points

    Thanks and you are right it did the trick. Awesome.
    But now i have another quick question for you.

    I am trying to use this grap api endpoints

    var upn = "validemailaddress"

    I have registered an app registration and have a delegated permission to scope - Sites.Read.All ( this is according to the MSDN api documents insights-list-used)

    But i keep getting this error below - when i use -


    I'm acquiring a token by using

    url: _spPageContextInfo.webAbsoluteUrl + "/_api/SP.OAuth.Token/Acquire",

    Is there anything i'm missing as all the other endpoints work.
    My aim is to display recent files of logged in user on a sharepoint classic page

    Thanks in Advance