Menu
I'm using jQuery to send cross origin ajax requests and they're working fine in IE11, Chrome and Firefox but they fail in Edge with the following error:
SCRIPT7002: XMLHttpRequest: Network Error 0x80070005, Access is denied.
What's interesting is that I used Fiddler to try to figure out what was going on and when Fiddler is running and capturing requests everything works fine. As soon as I close Fiddler or pause capture it fails again.
The site is running on my local machine (webpack-dev-server) making requests across the local network to a WebAPI service.
My hosts file is set up like this:
127.0.0.1 local.myapp.test
192.168.0.111 api.myapp.test
It shouldn't be a problem in production as the site and API will be hosted in the same place but it's invaluable for development and testing.
Update:
Thanks to Eric Law on the Telerik forums I now know why it was behaving differently with Fiddler enabled - Edge was switching to Local Intranet zone because of the proxy settings change Fiddler makes and the intranet zone has a lower security level.
There are a few possibilities; without exact details of your configuration, we're just shooting in the dark.
One possibility is that your computer is configured with an Intranet zone and that Intranet zone is dependent on a proxy configuration script: http://blogs.msdn.com/b/ieinternals/archive/2012/06/05/the-local-intranet-security-zone.aspx. When Fiddler is running, the proxy settings are pointed at Fiddler itself.
I'm going to bump the Local intranet zone security level up to Medium-High to match the Internet zone and then use Fiddler to try to work out why Edge is upset about the CORS request.
257
I came across this 'issue' recently and the solution is to go to edge://flags/ (just type it inside of your search bar). After that, do a search for CORS and soon you'll be presented with Block insecure private network requests flag. All you have to do is to select disable and that's it. Dzenis H.
Accessing the flags menu is super easy. All you need to do is open up Microsoft Edge and type into the search bar edge://flags. This will get you to the flags menu, with an appropriate warning on how some of these features are not guaranteed to work all the time.
Cross-Origin Resource Sharing (CORS) is a standard that allows a server to relax the same-origin policy. This is used to explicitly allow some cross-origin requests while rejecting others. For example, if a site offers an embeddable service, it may be necessary to relax certain restrictions.
I'll include below, verbatim, the answers that Eric Lawrence (creator of Fiddler) kindly provided on the Fiddler forum:
One possibility is that your computer is configured with an Intranet zone and that Intranet zone is dependent on a proxy configuration script: http://blogs.msdn.com/b/ieinternals/archive/2012/06/05/the-local-intranet-security-zone.aspx. When Fiddler is running, the proxy settings are pointed at Fiddler itself.
... there's another factor at work here if you're using an Intranet site as the target of an XHR from a site in the Internet zone.
Edge runs in Enhanced Protected Mode (AppContainer). That has a feature which blocks access to Private Network Resources from Internet-Zone processes. See the "Private Network resources" section of http://blogs.msdn.com/b/ieinternals/archive/2012/03/23/understanding-ie10-enhanced-protected-mode-network-security-addons-cookies-metro-desktop.aspx for more details.
I added local.myapp.test (the URL I'm running my SPA from) to the Local Intranet zone in Internet Options and now Edge is happy without the need for Fiddler.
114
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
