Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

CORS doesn't work with cookies in IE10

Tags:

cross-domain

cookies

internet-explorer-10

internet-explorer-9

gwt

I have GWT application that uses CORS and sets cookies. It works fine in Chrome, Firefox, Opera, but in IE10 (Version 10.0.9200.16521) I get this error:

SCRIPT5022: com.google.gwt.core.client.JavaScriptException: (InvalidStateError) 
 code: 11
 ABORT_ERR: 20
 DATA_CLONE_ERR: 25
 DOMSTRING_SIZE_ERR: 2
 HIERARCHY_REQUEST_ERR: 3
 INDEX_SIZE_ERR: 1
 INUSE_ATTRIBUTE_ERR: 10
 INVALID_ACCESS_ERR: 15
 INVALID_CHARACTER_ERR: 5
 INVALID_MODIFICATION_ERR: 13
 INVALID_NODE_TYPE_ERR: 24
 INVALID_STATE_ERR: 11
 NAMESPACE_ERR: 14
 NETWORK_ERR: 19
 NOT_FOUND_ERR: 8
 NOT_SUPPORTED_ERR: 9
 NO_DATA_ALLOWED_ERR: 6
 NO_MODIFICATION_ALLOWED_ERR: 7
 PARSE_ERR: 81
 QUOTA_EXCEEDED_ERR: 22
 SECURITY_ERR: 18
 SERIALIZE_ERR: 82
 SYNTAX_ERR: 12
 TIMEOUT_ERR: 23
 TYPE_MISMATCH_ERR: 17
 URL_MISMATCH_ERR: 21
 VALIDATION_ERR: 16
 WRONG_DOCUMENT_ERR: 4: InvalidStateError 
B3D7C8F35C000AA1ADFE700845710C1A.cache.html, line 1102 character 7

I see that the error is thrown when this is execute:

xhr.withCredentials = true;

Here is GWT javascript code:

function create_3(){
  var xhr;
  if ($wnd.XMLHttpRequest) {
    xhr = new $wnd.XMLHttpRequest;
  }
   else {
    try {
      xhr = new $wnd.ActiveXObject('MSXML2.XMLHTTP.3.0');
    }
     catch (e) {
      xhr = new $wnd.ActiveXObject('Microsoft.XMLHTTP');
    }
  }
  xhr.withCredentials = true;
  return xhr;
}

I found this post: Make a CORS request in IE9 with cookies?

However I upgraded to IE10 and it didn't make any difference.

Anyone else experiencing similar problem?

like image 516
Tomas Avatar asked Mar 25 '13 23:03

Tomas

2 Answers

I had a similar problem (using CORS in general, not specifically GWT). It turned out that the browser settings were blocking third-party cookies (IE10 > Internet Options > Privacy > Advanced > Third Party Cookies > Accept). To solve the problem, I checked "Override automatic cookie handling", "Accept" (Third-party Cookies) and "Always allow session cookies."

like image 196
Andrew M. Andrews III Avatar answered Dec 13 '22 17:12

Andrew M. Andrews III

Asking users to reconfigure their browsers to allow all 3rd party cookies isn't likely to be successful. The proper fix here is to ensure that the target 3rd-party resource has a P3P policy which is acceptable for use on resources used in 3rd party contexts. http://blogs.msdn.com/b/ieinternals/archive/2013/09/17/simple-introduction-to-p3p-cookie-blocking-frame.aspx

like image 30
EricLaw Avatar answered Dec 13 '22 17:12

EricLaw
Sign in to Comment

Related questions

Iframe wont respect login cookies
Login system (PHP) Cookies and Sessions
Can I get cookie only from second level domain?
Sharing Cookies Between Sub Domains in java?
How to prevent session timeout
Set cookie value from variable
how to put data in session variable and get the data in different page in vaadin?
Javascript: Problems parsing document.cookie JSON object
How do I retrieve a cookie from a NSURLResponse in Swift?
Why should I put a CSRF token in a JWT token?
Setting a cookie on the request with chai
Are the cookies for PHP sessions secure?
PHP Cookies for multiple Domains
Node.js/Express.js session management cookie to be session cookie
Cookie max age in Java
How to activate secure cookies in Wildfly?
WWW::Mechanize and Cookies
Subdomain cookie sharing in Rails 3 is not working (on Heroku)?
Creating Servlet Cookies
Sending cookie with http post android

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!