In IE8 and 9 I am getting the following JavaScript Error when I'm doing a CORS webapi call:
Error: Access is denied.
{
[functions]: ,
description: "Access is denied.",
message: "Access is denied.",
name: "Error",
number: -2147024891
}
I set up my WebApi like described here
So the WebApi contains:
public static class WebApiConfig
{
public static void Register(HttpConfiguration config)
{
config.EnableCors(new EnableCorsAttribute("*", "*", "*"));
[...]
My test AngularJS App:
<!DOCTYPE html>
<html xmlns="" xmlns:ng="" ng-app="app">
<head>
<title>test</title>
<script src="Scripts/angular.js"></script>
<script src="app.js"></script>
</head>
<body>
<div ng-controller="testController as vm">
{{vm.test}}
{{vm.data}}
</div>
</body>
</html>
app.js:
var app = angular.module('app');
app.controller('testController', function ($http) {
var vm;
vm = this;
vm.test = "bla non no ";
vm.data = null;
$http.defaults.headersmon['Authorization'] = 'a token'
return $http({
method: 'GET',
data: null,
url: '/',
}, function (data) {
console.log("bla");
}).success(function (data, status, headers, config) {
console.log("bla a");
vm.data;
});
});
The above code / webapi calls works with chrome and IE 10. IE10 prints:
SEC7118: XMLHttpRequest for / required Cross Origin Resource Sharing (CORS). SEC7119: XMLHttpRequest for / required CORS preflight.
I'm really stuck and don't know what I can try else. Any ideas?
In IE8 and 9 I am getting the following JavaScript Error when I'm doing a CORS webapi call:
Error: Access is denied.
{
[functions]: ,
description: "Access is denied.",
message: "Access is denied.",
name: "Error",
number: -2147024891
}
I set up my WebApi like described here http://www.asp/web-api/overview/security/enabling-cross-origin-requests-in-web-api
So the WebApi contains:
public static class WebApiConfig
{
public static void Register(HttpConfiguration config)
{
config.EnableCors(new EnableCorsAttribute("*", "*", "*"));
[...]
My test AngularJS App:
<!DOCTYPE html>
<html xmlns="http://www.w3/1999/xhtml" xmlns:ng="http://angularjs" ng-app="app">
<head>
<title>test</title>
<script src="Scripts/angular.js"></script>
<script src="app.js"></script>
</head>
<body>
<div ng-controller="testController as vm">
{{vm.test}}
{{vm.data}}
</div>
</body>
</html>
app.js:
var app = angular.module('app');
app.controller('testController', function ($http) {
var vm;
vm = this;
vm.test = "bla non no ";
vm.data = null;
$http.defaults.headers.mon['Authorization'] = 'a token'
return $http({
method: 'GET',
data: null,
url: 'http://webapi./api/controller/getactionmethod/',
}, function (data) {
console.log("bla");
}).success(function (data, status, headers, config) {
console.log("bla a");
vm.data;
});
});
The above code / webapi calls works with chrome and IE 10. IE10 prints:
SEC7118: XMLHttpRequest for http://webapi./api/controller/getactionmethod/ required Cross Origin Resource Sharing (CORS). SEC7119: XMLHttpRequest for http://webapi./api/controller/getactionmethod/ required CORS preflight.
I'm really stuck and don't know what I can try else. Any ideas?
Share Improve this question edited Sep 28, 2015 at 14:00 bjunix 4,5384 gold badges35 silver badges33 bronze badges asked Oct 10, 2014 at 16:46 BriefkastenBriefkasten 1,9943 gold badges26 silver badges57 bronze badges 5- stackoverflow./questions/10232017/… – epascarello Commented Oct 10, 2014 at 16:48
- 1 I'm using angularjs not jQuery. – Briefkasten Commented Oct 10, 2014 at 16:50
- 2 IE8 and IE9 don't support the standard CORS XHR. See my answer to this question for more info stackoverflow./questions/25141650/… – MrCode Commented Oct 10, 2014 at 16:57
- MrCode is correct. You need to use JSONP for legacy browsers. caniuse./#search=CORS – Chris Love Commented Oct 10, 2014 at 19:12
- There are definitely other solutions than doing JSONP requests to solve the CORS issues in IE8/9 – bjunix Commented Sep 28, 2015 at 14:01
2 Answers
Reset to default 2I had the same issue with IE8/9 (Django backend instead of ASP.NET) when doing CORS requests.
There are several ways to solve this problem. The easiest and fastest solution for me was to use the polyfill from jpillora. With this polyfill normal CORS XMLHttpRequests will be swapped out for XDR on IE8/9.
Include XHook and add following before-hook to your site:
xhook.before(function(request, callback) {
//skip browsers that dont use XDR
if(!window.XDomainRequest)
return callback();
//skip requests that aren't cross domain
var url = request.url;
var loc = window.location;
var hostname = loc.hostname + (loc.port ? ":"+loc.port : "");
if(!/^https?:\/\/([^\?\/]+)/.test(url) || RegExp.$1 === hostname)
return callback();
//if not GET, force POST
var method = request.method;
if(method !== 'GET') method = 'POST';
//force same protocol
url = url.replace(/^https?:/,loc.protocol);
//request!
var xdr = new window.XDomainRequest();
xdr.timeout = request.timeout;
//proxy events
var proxy = function(e) {
xdr['on'+e] = function() {
request.xhr.dispatchEvent(e);
};
};
var events = ['progress','timeout','error'];
for(var i = 0; i < events.length; ++i )
proxy(events[i]);
//custom onload
xdr.onload = function() {
callback({
status: 200,
statusText: "OK",
headers: {
'Content-Type': xdr.contentType
},
text: xdr.responseText
})
};
xdr.open(method, url);
xdr.send(request.body);
return
});
There are several other solutions:
- https://github./Modernizr/Modernizr/wiki/HTML5-Cross-Browser-Polyfills#cross-origin-resource-sharing-cors
- https://github./jpillora/xdomain
- https://michiganlabs./easy-cors-legacy-browsers/#.VglHEye1FBd
AngularJS v1.2.23 does not support CORS requests for IE8 or IE9. But IE8/9 supports CORS limited with the XDomainRequest object. See also http://msdn.microsoft./en-us/library/ie/cc288060(v=vs.85).aspx
I tried to modify the angularjs lib like descriped here http://samuellam.wordpress./2013/08/03/ie-89-cors-support-in-angular-js/
But I noticed I can't send with the XDomainRequest requests a custom header. So I ended up deploying the project on the same machine with same ips which will work for IE8 and 9, which is in fact only a workaround.
http://blogs.msdn./b/ieinternals/archive/2010/05/13/xdomainrequest-restrictions-limitations-and-workarounds.aspx