CORS request aborted when adding a custom header in AJAX CORS request in IE10

Question

When I add this header to my jQueryAjax request:

headers: {
    "Authorization": "SomeValue"
}

on the server I add the Authorization header to the

h.Add("Access-Control-Allow-Headers","Authorization");

This works fine in other browsers but not in IE10!

ONE REMARK:

If I comment out the authentication header, refresh the page, issue a regular GET request to my web api which by default does not trigger a preflight request. After that request, I uncomment the custom header in my jquery request, save, refresh the page, issue a new request with a custom header, which then executes successfully !

In IE 10 web developer tools I can see an error message:

SCRIPT7002: XMLHttpRequest: Network Error 0x80070005, Access is denied

SEC7118: XMLHttpRequest for https://mywebapi.dev/api/authentication/cors/ required Cross Origin Resource Sharing (CORS). cors SEC7119: XMLHttpRequest for https://mywebapi.dev/api/authentication/cors/ required CORS preflight. cors SCRIPT7002: XMLHttpRequest: Network Error 0x80070005, Access is denied.

The request is aborted right away, it never reaches the message handler!

I have the same problem, IE10 just ignores `Authorization` header. Is there any solution? — Dmitriy Nevzorov, May 16 '16 at 08:33
You have to provide more information. The authorization header is not sent during an Options request by default. — Legends, May 16 '16 at 12:02

score 1 · Accepted Answer · edited May 23 '17 at 12:31

This is already answered here and explained by @EricLaw in the anser/comment section. I found it now, because I googled the error code

SCRIPT7002

What I have done is:

I went to IIS where my webapi is hosted and
Click/mark my web application which is hosting my webapi and
Go to SSL Settings-> Check Ignore Client Certificates!.

Now the the preflight CORS request goes through using IE10.

CORS request aborted when adding a custom header in AJAX CORS request in IE10

1 Answers1

Linked