Pages

Wednesday, September 4, 2013

IE10 Cross domain issue - Access Denied error while making xhr call


The IE10 supports CORS fully. 
In some cases user may face "Access denied" while making a xhr call. 
Let me try to explain the scenario where the user will get "Access denied" error-

Before that we should be aware of the two terminology -

Origin : domain hosting the script content
Host : the domain requested by xhr call

Let the Origin in our case be *.adobe.co.uk & Host be *.adobe.com.

Now either both domains should be in the IE10 trusted site domain list or both should not be present in the list. To go to the IE trusted site settings, Go to Internet options -> Security -> Select trusted sites option & click on Sites(button). It will show all the trusted websites (domain)

If one of the Origin/ Host is present in the trusted site domain list, then the user will get Access denied error while making xhr call in the native open method of javascript. for example user will get Access denied error while making xhr call to *.adobe.com from the script hosted/running on *.adobe.co.uk

Cross domain reference link from MS blog -CORS for XHR in IE10

Working cross domain example - Cross-Site Upload
In the cross site upload example -

Origin - http://ie.microsoft.com/
Host - http://html5labs.interoperabilitybridges.com.

If we put either the Origin or Host in the Trusted Sites domain then while making the xhr call, Access Denied error will prevent file upload operation.

12 comments:

  1. THANK YOU!
    After 2 days of searching and seeing dozens of questions about this problem without answers... the answer is here, and so simple!

    ReplyDelete
  2. Thank you! Helped us while performing a critical deployment test at our customer.

    ReplyDelete
    Replies
    1. Glad that it helped you during your deployment !!!

      Delete
  3. Hey, great blog, but I don’t understand how to add your site in my rss reader. Can you Help me please? video streaming

    ReplyDelete
    Replies
    1. Thanks Calvin.
      You can add the following URL is your RSS feed to get the update from the blog - http://devmohd.blogspot.com/feeds/7345933586904079584/posts/default?alt=rss

      Delete
  4. This comment has been removed by the author.

    ReplyDelete
  5. Awesome bro... this is the single place where a real solution to this issue is discussed.

    ReplyDelete
  6. Yes, but how to get around this?
    How is it that adding a domain to TRUSTED SITES, dammit, produces "access denied" error?
    This is as counter-intuitive as it gets!

    ReplyDelete
  7. No matter if you admit it or not, the world of technology is changing at a rapid pace. One of the problems of this change is not knowing who is calling you and why. This could happen because you misplaced your address book, may be you have a lot of free phonecalls that you may receive or you might want to know where your kids are calling from.

    ReplyDelete