10

I am trying to make an AJAX call from several domains to a single one which will handle the request. Enabling Cross domain in Firefox and Chrome was easy by setting the header on the handling server:

header("Access-Control-Allow-Origin: *");

But this doesn't help enabling it in Internet Explorer. When I try:

httpreq.send('');

it stops with error Access denied.

How can this be enabled in Internet Explorer?

Aleksandar Janković
  • 821
  • 1
  • 10
  • 18

6 Answers6

12

Much has changed since I first posted my solution for CORS in IE7 and above. First of all the jQuery property $.support.cors is true by default, .NET frameworks 4.0 and above no longer support CORS as implemented in versions 3.5.1 and lower. When writing a web service with ASP.NET 4.0 I had install the Thinktecture.IdentityModel which is available as a NuGet package. Then, in the Application_Start method of the Global.asax file, add:

void Application_Start(object sender, EventArgs e) 
{ 
    Thinktecture.IdentityModel.Http.Cors.IIS.UrlBasedCorsConfiguration.Configuration
        .ForResources("*")
        .ForOrigins("http://localhost:80, http://mydomain")
        .AllowAll()
        .AllowMethods("GET", "POST");
}

Now add the httpProtocol element within system.webServer:

<httpProtocol>
  <customHeaders>
    <add name="Access-Control-Allow-Origin" value="*" />
    <add name="Access-Control-Allow-Headers" value="Content-Type, Accept, X-Requested-With, X-File-Name" />
    <add name="Access-Control-Allow-Methods" value="GET, POST" />
  </customHeaders>
</httpProtocol>

My $.ajax call is now:

$.ajax({
    url: serviceUrl, 
    data: JSON.stringify(postData),
    type: "POST",
    cache: false,
    contentType: "application/json; charset=utf-8",
    dataType: "json",
    success: onSuccess,
    error: onError
});
John Bonfardeci
  • 466
  • 3
  • 10
  • When this question was first posted IE 6 and 7 were still very common, and they have no CORS support at all. I don't believe `$.support.cors` had been implemented then either. Good to know things have improved! – Dan Jun 13 '12 at 17:48
  • from http://api.jquery.com/jQuery.support/ "...cors is equal to true if a browser can create an XMLHttpRequest object and if that XMLHttpRequest object has a withCredentials property. To enable cross-domain requests in environments that do not support cors yet but do allow cross-domain XHR requests (windows gadget, etc), set $.support.cors = true;...". I've verified this works in IE7, IE8, and IE9. – John Bonfardeci Jun 25 '12 at 18:12
  • life saver. Thanks for posting this. – Steve Kelly Sep 24 '12 at 17:18
  • This is great but doesnt work in IE8. This one here https://github.com/MoonScript/jQuery-ajaxTransport-XDomainRequest is very useful and it works in all browsers including IE8 ( haven't tested in IE 7 ) Credits to @gbakernet – Srikanth Kondaparthy Mar 18 '14 at 02:45
  • Thank you for the response Srikanth. This solution did work in IE8 for our users. There may be other variables affecting your implementation. Much has changed since this solution was posted. $.support.cors is true by default in all later versions of jQuery and this approach no longer works with .Net framework 4 and above. You must now include a library such as the Thinktecture.IdentityModel.dll for CORS to work with a .Net service. CORS must be enabled in the Global.asax method Application_Start – John Bonfardeci Mar 20 '14 at 18:41
10

Did you try do enable Access Data Source Cross Domains enter image description here

vanduc1102
  • 5,769
  • 1
  • 46
  • 43
5

I don't believe you can do that directly in Internet Explorer. You have a couple of options:

  • Set up a proxy forwarding script on the server you do control that can forward the Ajax requests. Make sure that it only forwards to the appropriate destinations that you need so that you don't get turned into an anonymous relay.

  • Use the document.domain trick. Basically you need to create a set of iframes, one for each server you need to make Ajax calls to. Within each iframe set the document.domain property to exactly match the domain you need to send the Ajax requests to. As to how to populate the necessary data, use DOM manipulation prior to setting document.domain. Note that this trick requires the target servers to be in sub-domains of the original. More in this article, with examples.

Dan
  • 10,990
  • 7
  • 51
  • 80
3

I got IE8 and 9 working with just jQuery $.ajax (jQuery version 1.7.2)

jQuery.support.cors = true;
jQuery(function() {
$.ajax({
    crossDomain : true,
    dataType: 'html',
    //...
    });
});
pellucid
  • 229
  • 2
  • 9
1

For Internet Explorer 8, you need to do like for FF3, ie use the "Access-Control-Allow-Origin" header plus use XDomainRequest object instead of XMLHttpRequest. Everything is explaiend in detail here for IE8: http://msdn.microsoft.com/en-us/library/dd573303%28VS.85%29.aspx

Older flavours of IE don't support Cross Site Access Control nor XDomainRequest objects. However it's not over, you could resort to the IFrame trick for instance, ie creating an invisible IFrame that calls your functions as described here: http://softwareas.com/cross-domain-communication-with-iframes

Eric
  • 1,138
  • 11
  • 24
0

Just adding to the Eric's answer , for Older version of IE , you can use Jquery 1.4.2's $.ajax method , that by default allows the cross domain requests, or for cross domain JSON , you can use

jQuery.getJSON( String url, Map data, Function callback ) returns XMLHttpRequest

An Excerpt from Jquery docs.

"jQuery now supports JSONP natively - if you attempt to load JSON (via $.getJSON or $.ajax) from a remote URL then an extra callback will be provided for the server to interpret."

Furqan Hameedi
  • 4,372
  • 3
  • 27
  • 34
  • To clarify, this *only* works for jsonp requests. jQuery does not provide support for XDomainRequest, and the workarounds that do require jQuery 1.5 or later: http://bugs.jquery.com/ticket/8283 – Tom Lianza Dec 25 '11 at 09:42