In a Workflow we have some Tasks Forms where the users should have the ability to view attachments from the related list item and also add new files or delete a selected file when approving the task.

We have added a panel to the Task Form and render the related Attachments as also a input of type file into that panel.

This is working fine.

But the code to add a new file or delete a file does not work. 

We get 405 Method not Allowed.

We use following code with type:POST to add a file:

context = new SP.ClientContext(appweburl); factory = new SP.ProxyWebRequestExecutorFactory(appweburl); context.set_webRequestExecutorFactory(factory); var executor = new SP.RequestExecutor(appweburl); var fullUrl = appweburl + "/_api/SP.AppContextSite(@target)/web/lists/getbytitle('" + listName + "')/items("+ID+")/AttachmentFiles/add(FileName='" + file.name + "')?@target='" + encodeURIComponent(hostweburl) + "'"; executor.executeAsync({ url: fullUrl, type: "POST", processData: false, contentType: "application/json;odata=verbose", data: buffer, headers: { "accept": "application/json;odata=verbose" }, success: function (data) { // }, error: function (err) { // } });

The code resists in a js file in the SiteAssets library and is referenced in the task form.

As we understood, we do not need to determine the request digest as the SP.RequestExecutor is taking care of it.

From the console we grab the request url which has been send:

We replaced our domain name with xxx here.

https://xxx-ddcd64337d0669.sharepoint.com/sites/sponsoring/FormsApp/_api/SP.AppContextSite(@target)/web/lists/getbytitle('Spenden')/items(57)/AttachmentFiles/getbyFileName('Bescheinigung.docx')?@target=%27https%3A%2F%2Fxxx.sharepoint.com%2Fsites%2Fsponsoring%27

This looks good to us.

The user running the Workflow and the user participating are having appropriate permissions

What are we missing?