Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Access control for cross site requests in Internet Explorer

I am trying to make an AJAX call from several domains to a single one which will handle the request. Enabling Cross domain in Firefox and Chrome was easy by setting the header on the handling server:

header("Access-Control-Allow-Origin: *");

But this doesn't help enabling it in Internet Explorer. When I try:

httpreq.send('');

it stops with error Access denied.

How can this be enabled in Internet Explorer?

like image 528
Aleksandar Janković Avatar asked Jan 11 '10 20:01

Aleksandar Janković


People also ask

How do I enable CORS in Internet Explorer?

To enable cross-origin access go to Tools->Internet Options->Security tab, click on “Custom Level” button. Find the Miscellaneous -> Access data sources across domains setting and select “Enable” option.

What is Cross site Access-Control requests?

Cross-Site requests using the GET or POST method with request headers other than those in the simple request header whitelist will have a preflight request to ensure that the server is can handle those headers. (Similarly to requests using methods other than GET or POST .)

How do I enable cross-origin requests in browser?

Allow CORS: Access-Control-Allow-Origin lets you easily perform cross-domain Ajax requests in web applications. Simply activate the add-on and perform the request. CORS or Cross-Origin Resource Sharing is blocked in modern browsers by default (in JavaScript APIs).


2 Answers

Much has changed since I first posted my solution for CORS in IE7 and above. First of all the jQuery property $.support.cors is true by default, .NET frameworks 4.0 and above no longer support CORS as implemented in versions 3.5.1 and lower. When writing a web service with ASP.NET 4.0 I had install the Thinktecture.IdentityModel which is available as a NuGet package. Then, in the Application_Start method of the Global.asax file, add:

void Application_Start(object sender, EventArgs e) 
{ 
    Thinktecture.IdentityModel.Http.Cors.IIS.UrlBasedCorsConfiguration.Configuration
        .ForResources("*")
        .ForOrigins("http://localhost:80, http://mydomain")
        .AllowAll()
        .AllowMethods("GET", "POST");
}

Now add the httpProtocol element within system.webServer:

<httpProtocol>
  <customHeaders>
    <add name="Access-Control-Allow-Origin" value="*" />
    <add name="Access-Control-Allow-Headers" value="Content-Type, Accept, X-Requested-With, X-File-Name" />
    <add name="Access-Control-Allow-Methods" value="GET, POST" />
  </customHeaders>
</httpProtocol>

My $.ajax call is now:

$.ajax({
    url: serviceUrl, 
    data: JSON.stringify(postData),
    type: "POST",
    cache: false,
    contentType: "application/json; charset=utf-8",
    dataType: "json",
    success: onSuccess,
    error: onError
});
like image 117
John Bonfardeci Avatar answered Sep 27 '22 23:09

John Bonfardeci


Did you try do enable Access Data Source Cross Domains enter image description here

like image 21
vanduc1102 Avatar answered Sep 27 '22 23:09

vanduc1102