Wednesday, September 4, 2013

IE10 Cross domain issue - Access Denied error while making xhr call

The IE10 supports CORS fully. 
In some cases user may face "Access denied" while making a xhr call. 
Let me try to explain the scenario where the user will get "Access denied" error-

Before that we should be aware of the two terminology -

Origin : domain hosting the script content
Host : the domain requested by xhr call

Let the Origin in our case be * & Host be *

Now either both domains should be in the IE10 trusted site domain list or both should not be present in the list. To go to the IE trusted site settings, Go to Internet options -> Security -> Select trusted sites option & click on Sites(button). It will show all the trusted websites (domain)

If one of the Origin/ Host is present in the trusted site domain list, then the user will get Access denied error while making xhr call in the native open method of javascript. for example user will get Access denied error while making xhr call to * from the script hosted/running on *

Cross domain reference link from MS blog -CORS for XHR in IE10

Working cross domain example - Cross-Site Upload
In the cross site upload example -

Origin -
Host -

If we put either the Origin or Host in the Trusted Sites domain then while making the xhr call, Access Denied error will prevent file upload operation.

IE 8/ 9 doesn't support onload()/ onerror event

IE 8/ 9 doesn't support onload()/ onerror event. It is supported on IE 10.

Always perform browser check in the code. For example using onload function, always perform check like -

var scriptlocale = document.createElement("script");

// block executed for IE8/ IE9
if(typeof (scriptlocale.onload) === "undefined"){

// executed in case of IE10 browser
scriptlocale.src = "testScript.js"';

scriptlocale.onload = executeOnLoadCallBack;

scriptlocale.onerror = executeOnErrorCallBack;