CORS issue when accessing shared DriveItems content

[snebjorn]

Bug Report

Prerequisites

• Can you reproduce the problem?
• Are you running the latest version?
• Are you reporting to the correct repository?
• Did you perform a cursory search?

For more information, see the CONTRIBUTING guide.

Description

Requests to

GET /shares/{shareIdOrUrl}/driveItem/content

https://docs.microsoft.com/en-us/graph/api/shares-get?view=graph-rest-1.0&tabs=http

Will result in a redirect that will fail with a CORS error

this.graphClient.api(`/shares/${encodeShareableLink}/driveItem/content`).get();

This is the error:

Access to fetch at 'https://{my org}.sharepoint.com/sites/{my site}/_layouts/15/download.aspx?UniqueId={guid}&Translate=false&tempauth={token}&ApiVersion=2.0'
(redirected from 'https://graph.microsoft.com/v1.0/shares/{encoded shareable link}/driveItem/content')
from origin 'https://localhost:5001' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Steps to Reproduce

1. Call GET /shares/{shareIdOrUrl}/driveItem/content from javscript
2. Watch CORS

Expected behavior:
I expected to be able to either intercept the location header or download the file.

Actual behavior:
A CORS error was thrown

Additional Context

Add any other context about the problem here..

Usage Information

Request ID - Value of the requestId field if you are receiving a Graph API error response

SDK Version - [SDK version you are using]
"@microsoft/microsoft-graph-client": "^2.2.1"

• Node (Check, if using Node version of SDK)

Node Version - [The version of Node you are using]

• Browser (Check, if using Browser version of SDK)

Browser Name - [The name of Browser that you are using for SDK]
Chrome

Version - [The version of the browser you are using]
88.0.4324.104
AB#7930

[nikithauc]

This is a known isssue - to microsoftgraph/microsoft-graph-docs-contrib#8394.
@snebjorn Please check if the workaround suggested in the comment works for you.

Please check if the following workaround works for you
Get the download URL for the item you wish to access as follows -

Example -
https://graph.microsoft.com/v1.0/sites('${siteId}')/drives('${driveId}')/items('${fileId}')[email protected] and use the URL to download the file.

[snebjorn]

I see. Using the @microsoft.graph.downloadUrl link from GET /shares/{shareIdOrUrl}/driveItem worked, thank you.

However GET /shares/{shareIdOrUrl}/[email protected] doesn't seem to limit the response

[nikithauc]

@snebjorn can you explain what you mean by limit the response?

[snebjorn]

it doesn't select the @microsoft.graph.downloadUrl property. It still returns everything

[georgend]

@snebjorn I was able to reproduce the issue, turns out its a known issue, please use content.downloadUrl instead.
Repro in GE:-
https://graph.microsoft.com/v1.0/shares/<redacted>/driveItem?$select=id,@microsoft.graph.downloadUrl
Produces: Does not filter

However using @content.downloadUrl filters as expected.

[snebjorn]

I'm closing this as the original issue and follow up issue are both known

Although I had to do .select('content.downloadUrl') without the @ to get it to work