Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

SEC7118: XMLHttpRequest CORS - IE Console message

Tags:

javascript

ajax

cors

internet-explorer

internet-explorer-10

I am using CORS POST request with everything taken care as given @http://www.html5rocks.com/en/tutorials/cors/

Server sets Response header to: 'Access-Control-Allow-Origin':'*' and I can see this header value in IE developer tool.

But on IE10 browser I see console message as "SEC7118: XMLHttpRequest for http:// required Cross Origin Resource Sharing (CORS).

When I check on Microsoft site it has below given explanation.

http://msdn.microsoft.com/en-us/ie/dn423949(v=vs.94).aspx

SEC7118

Description: "XMLHttpRequest for [URL] required Cross Origin Resource Sharing (CORS). " An XMLHttpRequest was made to a domain that was different than your page's domain. This requires the server to return an "Access-Control-Allow-Origin" header in its response headers, but one was not returned.

Suggested Fix: The server must support CORS requests and return an appropriate "Access-Control-Allow-Origin" header with the resource. See CORS for XHR in IE10 for more info about CORS in response headers.

Questions:

  1. I want to know if this console message is an ERROR ??
  2. Will this cause any failures ??
  3. Why do I get this message even after setting response header 'Access-Control-Allow-Origin' value to '*'??
  4. Does 'Access-Control-Allow-Origin' value has to be origin name for IE10 to work? I know * is not a very good option, But does IE requires exact origin name ??

enter image description here

enter image description here

I kept URL's and cookie details hidden from these images.

like image 910
lucky Avatar asked Jul 09 '14 06:07

lucky

1 Answers

From MSDN:

Security error codes are in the form SEC7xxx [In IE]

Pertaining to SEC7118:

An XMLHttpRequest was made to a domain that was different than your page's domain. This requires the server to return an "Access-Control-Allow-Origin" header in its response headers, but one was not returned.

Note This error code was removed in IE11 on Windows 10. It remains in IE11 for Windows 8.1 and Windows 7.

So it is technically viewed as an error from IE's perspective, but certainly isn't one (hence why it is going away). Access-Control-Allow-Origin is set on a resource, but isn't necessarily sent back with the request. If a specified resource DOESN'T have Access-Control-Allow-Origin:* (or a domain), the resource would not be accessible and the server would likely return a 503 or 404 and you would see a true error message in the console similar to the below:

XMLHttpRequest cannot load http://example.com/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://blog.example.com' is therefore not allowed access.

like image 148
twill Avatar answered Oct 20 '22 22:10

twill
Sign in to Comment

Related questions

Trigger File Download within iPython Notebook
NSFetchedResultsController calls didChangeObject delete instead of update
Should you install nginx inside docker? [closed]
Why using std::forward on container before accessing element?
Authenticate Angular js module for Apigility
Android Studio Setup Wizard Stuck on Downloading Components
Why organize projects inside a src folder?
Unsafe attempt to load URL svg
Why is genymotion running so slowly?
How does UILabel vertically center its text?
Why set the RequestInitializationTimeout property?
Web scraping SEC Edgar 10-K and 10-Q filings

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!