-1

EDIT2: Just want to say thanks to everyone that helped me with this in the comments. After looking across a bunch of websites in IE11 and looking at their ajax requests it seems like many peoples requests are being blocked from cors and most code falls back to jsonp so I think we will do the same.

EDIT: This is not a duplicate of the other mentioned question because as I stated below I am not using with credentials therefore it is not trying to send domain cookies with the request and doesn't require a P3P header. I have confirmed this by checking the privacy section in IE and nothing is being blocked.

I do a cross domain request to my endpoint from another website. I have no problems in any browser but IE11. Chome, FF all versions etc work fine. I am not setting any custom headers so there is no preflight request. I also am not using allow credentials so I wouldn't think I need any P3P header but I also tried this with no luck.

I get an info message that says XMLHTTPRequest for https://xxx required Cross Origin Resource Sharing (CORS) in my console

I can see the in the network tab that the HTTP response comes back fine but just that my XMLHTTPRequest function returns a status code of zero and the response body is empty.

My request is to a node js server will headers set as below. I have tired many combinations without luck. In production and working with other browsers I have far less headers.

  res.header('Access-Control-Allow-Origin', '*')
  res.header('Access-Control-Allow-Headers', 'Overwrite, Destination, Content-Type, Depth, User-Agent, Translate, Range, Content-Range, Timeout, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control, Location, Lock-Token, If, Accept, Pragma')
  res.header('Access-Control-Allow-Methods', 'GET, POST')
  res.header('Access-Control-Expose-Headers', 'DAV, content-length, Allow')
  res.header('P3P', `CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"`)
ozzieisaacs
  • 833
  • 2
  • 11
  • 23
  • Possible duplicate of [CORS request with IE11](https://stackoverflow.com/questions/20198696/cors-request-with-ie11) – darklightcode Nov 20 '18 at 19:12
  • Please see my edit. This is not a duplicate as I am not using withCredentials. – ozzieisaacs Nov 20 '18 at 19:28
  • Have you tried `res.header('Access-Control-Allow-Origin', 'https://xxx')` ? – darklightcode Nov 20 '18 at 19:32
  • Add `OPTIONS` to `res.header('Access-Control-Allow-Methods', 'GET, POST')`, for the preflight, and make sure the `OPTIONS` request returns a valid status like `200` or `204 No Content` and in the response headers you must have `'Location: /requested/url/path'` (this should happen by default, but double check it in the developer tools) – darklightcode Nov 20 '18 at 19:35
  • It doesn't do a preflight request because I'm not setting any custom headers. I did try setting the origin to the exact website origin instead of a wildcard and it didn't seem to make a difference. – ozzieisaacs Nov 20 '18 at 19:56
  • Based on your description, I can see that you are not setting any custom headers but if there is any other information available then you can try to inform us. It can be helpful to us to narrow down the issue. You can try to refer link below. https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS If possible then try to use the fiddler to capture the request and response of http traffic and try to post it here. – Deepak-MSFT Nov 26 '18 at 06:32

1 Answers1

-1

Moved to JSONP for IE11. This is what facebook embed code does and many other sites in IE11. Seemes like this is a common issue.

ozzieisaacs
  • 833
  • 2
  • 11
  • 23