Office 2016 add-in communicating to http://localhost

Asked 31/1, 2018 at 12:1 Answered 23/3, 2020 at 8:9

I'd like to build a Microsoft Office 2016 Add-in that could be used off-line (at least after being used online once).

I understand that we could cache HTML, js, etc. like a normal browser and I had thought of using a local HTTP server (not distributed with the Add-in) so the plugin could communicate with it. But doing things like:

var xmlHttp = new XMLHttpRequest();
xmlHttp.open("GET", "http://localhost:8080", true);
xmlHttp.onreadystatechange = function(aEvt) {
  if (xmlHttp.status == 200) {
    console.log(xmlHttp.responseText);
  } else {
    console.log("Status:" + xmlHttp.statusText);
  }
};
xmlHttp.send();

This fails with:

JavaScript runtime error: Access is denied.

If I used an HTTPS URL (to a proper server) it works.

I think that the Add-ins only allow HTTPS and not HTTP requests?

What would be the best way to communicate, not via HTTPS external on the Internet, an Office 2016 add-in with another process in the machine?

Is it possible to relax the security on the manifest (I haven't found how) and allow HTTP requests to localhost?

Argufy answered 31/1, 2018 at 12:1 Comment(2)

How did you resolve it? – Armillia 20/9, 2018 at 14:36

Sadly I didn't fix it. – Argufy 21/9, 2018 at 0:14

I think that the Add-ins only allow https and not http requests?

Correct. As per documentation on Office Add-ins XML manifest all URLs must be SSL-secured (HTTPS)

What would be the best way to communicate, not via https external on the Internet, an Office 2016 add-in with another process in the machine?

There are 2 ways I can see...

Use generated self-signed cert will work for you.
Create proper https service for communication with add-in. From your service communicate over http (unsecure) to wherever you like. I wouldn't advise to use this solution as it's not secure at all.

Is it possible to relax the security on the manifest (I haven't found how) and allow http requests to localhost?

No.

Zellner answered 31/1, 2018 at 15:1 Comment(1)

As far as I know Office 2016 should not accept the self-signed certificate for localhost - unless, in a dev machine, we add this certificate (or the signing CA) as a valid certificate. Was your solution thinking something like this? (in a dev machine, not a user's machine). – Argufy 1/2, 2018 at 0:0

What worked for me was to click the click the solution and go to the properties tab and change SSL Enabled from True to False, and whenever you intend to produce a prod build turn SSL flag to True.

Espinoza answered 18/2, 2020 at 17:47 Comment(0)

you basically need to import the self-signed certificate in the browser but if you are looking for a quick fix for development purposes go to chrome://flags in your chrome browser and allow invalid certificates to be loaded. enter image description here

Isaacson answered 23/3, 2020 at 8:9 Comment(0)

Recommended topics

Hot tags