Inside JavaScript I am making an XMLHttpRequest to a server which generates a PDF and returns the PDF data. In Chrome I'm able to open this data in a new window/tab like this:
window.open( URL.createObjectURL(RETURNED_DATA) );
where RETURNED_DATA is the actual data returned from the XHR.
In IE10 (and I'm assuming older versions of IE), I'm getting "Permission denied" when attempting to window.open() with the DOMString object returned from URL.createObjectURL()
I've tried various versions of this such as opening the new window before sending the XHR and updating the new window's location in the XHR callback, and opening the new window with a simple HTML file that just contains the XHR so that it can update it's own location in the XHR callback. All of these variations work in Chrome but result in "Permission denied" errors in IE10.
My best guess is that it's caused by the same-origin policy. When logging the DOMString object to the console in Chrome vs IE, I've noticed that Chrome prepends the string with protocol and host so blob:http://localhost:8080/BLOB_DATA whereas IE10 just has blob:BLOB_DATA.
Any ideas how to resolve this issue in IE?
