I am using an xhr to make a cross domain POST request to a service that is hosted on another server. I have enabled CORS by setting the required headers on the server's IIS, viz. Access-Control-Allow-Origin as '*' and Acces-Control-Allow-Headers as 'content-type, x-request-with', etc.
This xhr is part of the script for a site (say X).
- When X is hosted on my machine (IIS), I am able to make the CORS request when I access the site as http: //localhost/X. Whereas when I browse to http: //my-machine-name/X, I get the Access Denied error (as observed from IE's debugger).
- When X is hosted on another server and when I access X from my machine, I get the Access Denied error once again.
Also note the following points:
- From Chrome, CORS is working properly. I can see the OPTIONS request at first from fiddler. From IE11 however, the request is not even sent.
- Access data sources across domains is set to Disable on IE 11. I do not want to change that setting.
- When I disabled the option (from point 2), I noticed that the requests are being sent with no ORIGIN header by IE 11. From localhost however, the ORIGIN is set as 'http //localhost'. Chrome sets the ORIGIN as 'my-machine-name' even when I browse to X using http: //my-machine-name/X.
- I have also tried using an ajax post request. I get the same error in IE 11 when I use that as well.
Please help me out here. I want to know why IE 11 is not setting the ORIGIN header in the cases mentioned, as I believe that to be the reason why CORS isn't working.
