Cross Origin Resource Sharing (CORS) Error - Can this be blocked at the client?

Question

I have a web app that performs several CORS operations using $.getJSON AJAX calls. Normally, on most client browsers, this works fine because the server my app is hitting has CORS enabled. However, I noticed today when I attempt to run my app on a client (using IE 11) in a corporate environment with fairly stringent security in place, my CORS attempts are failing, with the following error:

enter image description here

If the image cannot be read, there are a couple errors.

One is SEC7118 (CORS operation
One is SEC7127 (Redirect was blocked) and 
Script7002 (XMLHTTPRequest: Network error 0x2ef1.

So, is it possible a client network can prevent CORS operatons?

Related: https://stackoverflow.com/a/47402376/184546 – TTT Nov 20 '17 at 22:45 — TTT, Nov 20 '17 at 22:45

score 2 · Accepted Answer · answered Oct 06 '14 at 22:55

2

Yes. The corporate network can block everything it wants, and it might be the case that an over-restrictive firewall strips the CORS headers (aka "everything it doesn't know") from the HTTP request/response.

answered Oct 06 '14 at 22:55

Bergi

630,263
148
957
1,375

score 0 · Answer 2 · answered Jan 12 '22 at 01:26

I had an error in an AngularJS application, simple but using directives. The resolution was as follows.

Creating a file staticwebapp.config.json in the root of the repo and adding the following config worked:

{
  "globalHeaders": {
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Methods": "GET, OPTIONS"
  }
}

Publish your application and re-test. successfully solved! Below how my AngularJS is project to project

Cross Origin Resource Sharing (CORS) Error - Can this be blocked at the client?

2 Answers2

Linked