Allow Office.JS Add-ins to be deployed VIA plain HTTP/S (without Sharepoint)
I would like the new Office.JS add-in framework to have the ability to publish add-ins via plain HTTP, without the use of Sharepoint server.
The Office.JS framework has been beautifully designed in it's use of HTML/JS for add-in development. Unfortunately, it's usage in in Enterprise environments is strongly limited by the inability to deploy add-in manifests via simple HTTP (barring the use of Sharepoint, which is very expensive and not worth buying simply for the purpose). Since the manifests can be published via simple file share, it feels as if this is an artificial limitation that goes against the entire concept of hosting add-ins as web applications on normal web servers. Even the older click-once technology allows manifests to be deployed via HTTP.
I believe that adding this feature could lead to a very widespread adaptation of Office.js. The slick HTML/JS model combined with the robust feature set are extremely appealing, but the deployment limitations cause us to think long and hard about whether we should use it.
Thank you for reaching out. We require the use of HTTPS to ensure that add-in traffic cannot be tampered with. We’ve seen customers, even those with intranet deployments moving towards using https exclusively. Accordingly we are not currently considering supporting plain HTTP.
I second Andy:
My need is to allow convenient access for external customers to Excel Add-ins (anonymous embedded Excel Online assessment tools). None of the 3 existing access methods work in my scenario.
I agree with Ernst. I agree requiring encryption is good.
My interpretation of the request is to allow add-ins to access manifests via the internet (not just intranet). so to not limit access via only Store, intranet, or SharePoint.
My need is to allow convenient access for external customers to Excel Add-ins (anonymous embedded Excel Online assessment tools). None of the 3 existing access methods work in my scenario. I use the EWA Namespace API for this currently, but would strong prefer to use add-ins API.
Ernst Scheithauer commented
Dear Microsoft team,
I can understand your decision not so support HTTP without encryption.
However, as I understand the feature request it is about not requiring SharePoint and does not ask for no encryption (see the "HTTP/S" in the title).
Could you revisit your decision?