无法通过REST将文件上传到Sharepoint @ Office 365

Question

I'm having trouble creating/uploading files via Microsoft's REST API (or at least that's what they call it) for Sharepoint running on Office 365. It looks like I'm able to authenticate all right, but I'm getting 403 Forbidden when I try to create a file. The same user can upload a file using the website.

The code I've been using can be seen on http://jsfiddle.net/Lw8hcyda/5/ . (Please note that you need to allow cross domain requests if you try to run it in your browser.)

    $.ajax({
        url: 'https://examplecustomer.sharepoint.com/sites/examplesite/_api/web/GetFolderByServerRelativeUrl(\'/sites/examplesite/Documents/images\')/Files/add(url=\'testing-rest.txt\',overwrite=true)',
        type: 'POST',
        data: 'contents',
        headers: {
            'X-RequestDigest': digest
        },
        success: function (data, textStatus, jqXhr) {
            console.log('File created. :-D');
        },
        error: function (jqXhr, textStatus, errorThrown) {
            console.log('Failed to create file. Got status [' + textStatus + '] and error [' + errorThrown + '].');
        }
    });

Listing files using GET to https://examplecustomer.sharepoint.com/sites/examplesite/_api/web/GetFolderByServerRelativeUrl('/sites/examplesite/Documents/images')/Files works 100% (but that doesn't require that request digest).

Getting a new request digest using POST to https://examplecustomer.sharepoint.com/sites/examplesite/_api/contextinfo also fails with 403 Forbidden .

I've got a X-RequestDigest (from the page returned after logging in) that seems valid and I got values for the FedAuth and rtFa cookies.

Most of the help for using the services I've found have been various blog posts from around the Internet. In the comments there are typically a few that tell about the same problem, though I haven't seen any solutions.

Answer 1

To me it just seems a bit light, visit this link https://msdn.microsoft.com/en-us/library/office/dn769086.aspx on technet, and compare your upload function to this:

// Add the file to the file collection in the Shared Documents folder.
function addFileToFolder(arrayBuffer) {

    // Get the file name from the file input control on the page.
    var parts = fileInput[0].value.split('\\');
    var fileName = parts[parts.length - 1];

    // Construct the endpoint.
    var fileCollectionEndpoint = String.format(
        "{0}/_api/sp.appcontextsite(@target)/web/getfolderbyserverrelativeurl('{1}')/files" +
        "/add(overwrite=true, url='{2}')?@target='{3}'",
        appWebUrl, serverRelativeUrlToFolder, fileName, hostWebUrl);

    // Send the request and return the response.
    // This call returns the SharePoint file.
    return jQuery.ajax({
        url: fileCollectionEndpoint,
        type: "POST",
        data: arrayBuffer,
        processData: false,
        headers: {
            "accept": "application/json;odata=verbose",
            "X-RequestDigest": jQuery("#__REQUESTDIGEST").val(),
            "content-length": arrayBuffer.byteLength
        }
    });
}

Also; since calling office online from a mobile app, you should include the Authorization header "Bearer <>"

Answer 2

As JakobN and JoyS Points out in the comments:

Changing:

headers: {
    'X-RequestDigest': digest
},

To:

headers: {
    'Authorization': 'Bearer '+digest
},

Did the trick for me! Not the first SPO authentication sudden change that has thrown me off.