7

I have GWT application that uses CORS and sets cookies. It works fine in Chrome, Firefox, Opera, but in IE10 (Version 10.0.9200.16521) I get this error:

SCRIPT5022: com.google.gwt.core.client.JavaScriptException: (InvalidStateError) 
 code: 11
 ABORT_ERR: 20
 DATA_CLONE_ERR: 25
 DOMSTRING_SIZE_ERR: 2
 HIERARCHY_REQUEST_ERR: 3
 INDEX_SIZE_ERR: 1
 INUSE_ATTRIBUTE_ERR: 10
 INVALID_ACCESS_ERR: 15
 INVALID_CHARACTER_ERR: 5
 INVALID_MODIFICATION_ERR: 13
 INVALID_NODE_TYPE_ERR: 24
 INVALID_STATE_ERR: 11
 NAMESPACE_ERR: 14
 NETWORK_ERR: 19
 NOT_FOUND_ERR: 8
 NOT_SUPPORTED_ERR: 9
 NO_DATA_ALLOWED_ERR: 6
 NO_MODIFICATION_ALLOWED_ERR: 7
 PARSE_ERR: 81
 QUOTA_EXCEEDED_ERR: 22
 SECURITY_ERR: 18
 SERIALIZE_ERR: 82
 SYNTAX_ERR: 12
 TIMEOUT_ERR: 23
 TYPE_MISMATCH_ERR: 17
 URL_MISMATCH_ERR: 21
 VALIDATION_ERR: 16
 WRONG_DOCUMENT_ERR: 4: InvalidStateError 
B3D7C8F35C000AA1ADFE700845710C1A.cache.html, line 1102 character 7

I see that the error is thrown when this is execute:

xhr.withCredentials = true;

Here is GWT javascript code:

function create_3(){
  var xhr;
  if ($wnd.XMLHttpRequest) {
    xhr = new $wnd.XMLHttpRequest;
  }
   else {
    try {
      xhr = new $wnd.ActiveXObject('MSXML2.XMLHTTP.3.0');
    }
     catch (e) {
      xhr = new $wnd.ActiveXObject('Microsoft.XMLHTTP');
    }
  }
  xhr.withCredentials = true;
  return xhr;
}

I found this post: Make a CORS request in IE9 with cookies?

However I upgraded to IE10 and it didn't make any difference.

Anyone else experiencing similar problem?

sideshowbarker
  • 81,827
  • 26
  • 193
  • 197
Tomas
  • 675
  • 1
  • 9
  • 18
  • Is your server adding an CORS specific headers? It needs to return the `Access-Control-Allow-Origin` and `Access-Control-Allow-Credentials` headers (at the very least). – monsur Mar 26 '13 at 15:50
  • Yes the headers are being set and as I mentioned above it works with Chrome, Firefox, Safari and Opera. In IE10 (and IE9) main GWT javascript file get downloaded and on execution I get an exception listed above. – Tomas Mar 26 '13 at 20:20
  • This seems to be related: http://stackoverflow.com/questions/12643960/internet-explorer-10-is-ignoring-xmlhttprequest-xhr-withcredentials-true – Tomas Mar 26 '13 at 21:39
  • Also this one: https://github.com/Fyrd/caniuse/pull/73 – Tomas Mar 26 '13 at 21:43
  • 1
    "IE 10 Bug #579587 indicates that cookies are not being sent when withCredentials is set to true." http://msdn.microsoft.com/en-gb/library/ie/hh872883(v=vs.85).aspx – Tomas Mar 26 '13 at 21:46
  • 1
    I tried to log in to MSDN however I can't find any info on Bug #579587 – Tomas Mar 26 '13 at 21:59
  • Where's this code coming from? Is this JSNI? – Thomas Broyer May 03 '13 at 10:04
  • I found the solution and posted it here: http://code.google.com/p/google-web-toolkit/issues/detail?id=8120 – Tomas May 04 '13 at 21:06
  • I was using CORS to develop an intranet tool. However, my source server was not part of the intranet. I had to set the source server as an intranet site in order for CORS to work in this case... Sounds similar to what you are experiencing. (Although this isn't the best solution.) – Richard Sep 26 '13 at 17:28

2 Answers2

12

I had a similar problem (using CORS in general, not specifically GWT). It turned out that the browser settings were blocking third-party cookies (IE10 > Internet Options > Privacy > Advanced > Third Party Cookies > Accept). To solve the problem, I checked "Override automatic cookie handling", "Accept" (Third-party Cookies) and "Always allow session cookies."

Andrew M. Andrews III
  • 1,989
  • 18
  • 23
7

Asking users to reconfigure their browsers to allow all 3rd party cookies isn't likely to be successful. The proper fix here is to ensure that the target 3rd-party resource has a P3P policy which is acceptable for use on resources used in 3rd party contexts. http://blogs.msdn.com/b/ieinternals/archive/2013/09/17/simple-introduction-to-p3p-cookie-blocking-frame.aspx

EricLaw
  • 56,563
  • 7
  • 151
  • 196