39

In my web site, I created a map with ALK Maps, I display the points (Markers) and roads (routings) and all this works fine in Firefox and Chrome, but in IE I display the map and points, but when I go to the road I get the error:

"SCRIPT7002: XMLHttpRequest: Network Error 0x80070005, Access is denied."

  I found a solution: security area (Internet Options> Security) make ENABLE The Following setting: Miscellaneous> Access data sources across domains.

Is there a solution to not ask customers to my website to do this configuration?

Konrad Krakowiak
  • 12,285
  • 11
  • 58
  • 45
Jawadovic3814
  • 407
  • 1
  • 4
  • 8
  • 1
    Note that the IE setting was available for IE 9 and earlier (To enable cross-origin access go to Tools->Internet Options->Security tab, click on “Custom Level” button. Find the Miscellaneous -> Access data sources across domains setting and select “Enable” option) – akhouri Sep 24 '18 at 02:35

4 Answers4

15

I don't think it's a good idea to ask your customers to disable this configuration at all. Remember that enabling and making this change does not only apply to your website but to other websites as well.

There's a huge security reason why it is disabled in Internet and Restricted Sites zones by default and it could make your customers vulnerable to different types of CORS (Cross Origin Resource Sharing) attacks

Rather than making changes on the browser level, try to enable CORS in your client/server side code or infrastructure:

http://enable-cors.org/

http://www.html5rocks.com/en/tutorials/cors/

securecodeninja
  • 2,497
  • 3
  • 16
  • 22
  • thank you for your reply, it was much useful. On my server I manage well CORS, the problem is with the API ALK Maps which I have no access to their server. – Jawadovic3814 Apr 29 '15 at 14:12
  • 36
    @Jawadovic3814 so this is not the solution, why did you mark it as correct? If it was working in Chrome and Firefox doesn't that mean CORS was already enabled? – user145400 Oct 19 '16 at 15:00
  • You can make specific websites only enable CORS by changing the zone. You don't have to give ALL websites access to it. – Katastic Voyage Jun 06 '17 at 22:06
  • Would you mind copy-pasting the essence from the links? Links go away. – Seva Alekseyev Dec 15 '17 at 21:12
  • So, does that IE option disable cross-origin checking entirely, or simply enable CORS to work? –  Oct 03 '18 at 17:12
  • For me issue was with self signed certificate. To fix it I had to open the ajax request URL in same tab, accept the warning then again open the main URL in same tab and error gone. – Kapil Aug 06 '20 at 05:00
6

We were also running into this issue and the problem was the target URL was exceeding the maximum length of ~2,000 characters in IE11.

I agree with @user145400 that if it works in Chrome and Firefox it is very likely that CORS is already correctly enabled.

Bugs Bunny
  • 2,496
  • 1
  • 26
  • 32
4

As others have mentioned, CORS came into play. In my case, IE was sending an additional header to the server (Content-Type) that the other browsers weren't, and this header wasn't allowed by my policy. Adding the header to the policy fixed the issue.

Conner
  • 352
  • 4
  • 10
  • Please post the code snippet that fixed the issue for you. – Pedro Gaspar Dec 27 '18 at 17:06
  • @Pedro Gaspar The code will vary based on the language used on the server side, but in asp.net I added Content-Type to the second parameter of my EnableCorsAttribute constructor in App_Start/WebApiConfig.cs. Reference the links in the top answer for setting up CORS. – Conner Dec 27 '18 at 17:12
  • 3
    I ran across this issue. In my case i had to allow the accept header in cors policy – leurer Apr 29 '19 at 10:59
  • 1
    In my case, it was header Accept (IE11) – AntiCZ Oct 03 '19 at 10:32
0

I run into this issue when behind a SonicWall VPN at work. My solution is to add the domain to the trusted list of sites under IE's Internet Options > Security > Trusted Sites menu; this will impact Edge as well since it seems to use IE's security settings in this regard.

Dave Cole
  • 2,446
  • 2
  • 20
  • 26