Re: Possible Bug: XMLHttpRequest Cross Domain (CORS) in IE9: Access is denied
8,313 views
Skip to first unread message
Kai Virkki
Aug 10, 2012, 2:33:53 AM8/10/12
to ang...@googlegroups.com
Hi!
perjantai, 20. heinäkuuta 2012 21.54.17 UTC+3 Nick kirjoitti:
I have an angularjs app that is using ngResource to get data from a server in different domain (UI is in https://x.example.com and server in https://y.example.com). I have configured CORS settings to server and everything works fine with Chrome and Firefox, but with IE9, I just get the error "Error: Access is denied. undefined". This definitely seems to be a bug in AngularJS. Do you have a patch that would fix this? I assume that your fixes fix this and your other problem is related to calling http service from https UI, which is not the case for us.
Cheers,
-Kai
perjantai, 20. heinäkuuta 2012 21.54.17 UTC+3 Nick kirjoitti:
Well after more research, it would seem that Angular needs a way to support XDomainRequest in the case of CORS. I hacked it in (line 8943 or so in angular-1.0.1.js new XHR()) to be new XDomainRequest()This would have worked, except I'm running on a https domain calling a CDN on http. Of course this works on other browsers, just not IE. Reference this article, specifically point #7Hope this will help someone in the future
On Friday, July 13, 2012 11:32:16 AM UTC-7, Nick wrote:Hey all -I'm using a CDN on a different domain to retrieve data for our webapp. We decided to use CORS (specifically "simple request"). To get this to work, I had to remove the 'X-Requested-With': 'XMLHttpRequest' default header from angular-1.0.1.js. That's a separate issue, not what I'm getting at.It seems that IE8 & IE9 use a different object than XmlHttpRequest (of course): XDomainRequest. I'm getting an 'Error: Access is denied' in my debugging console in IE9 on line 8942 of angular-1.0.1.js (xhr.open(method, url, true);)Some reference links:Is this something angular just hasn't accommodated / supported yet, or perhaps I'm doing something else wrong? Let me know if I can provide anything further to help track this down. We were hoping to go to BETA next week... :)
Ricardo Bin
Aug 10, 2012, 2:20:36 PM8/10/12
to ang...@googlegroups.com
I made this pull request few months ago
It could be useful to you
Nick
Aug 10, 2012, 3:07:14 PM8/10/12
to ang...@googlegroups.com
Kai -
You can't do cross domain CORS requests in IE9 - you'll always get an access denied JS exception.
Read http://blogs.msdn.com/b/ieinternals/archive/2010/05/13/xdomainrequest-restrictions-limitations-and-workarounds.aspx (specifically, point #7)
Kai Virkki
Aug 13, 2012, 4:07:25 AM8/13/12
to ang...@googlegroups.com
Nick,
Are you sure about this? That point #7 that you mentioned says that http resources cannot be accessed if your page is https and vice versa. This is not my case; I have https both in the page and on the server on the other domain.
Cheers,
-Kai
Nick
Aug 13, 2012, 12:28:57 PM8/13/12
to ang...@googlegroups.com
My apologies, I misunderstood what you said. If both domains are on HTTPS, you should be fine. Make sure you're using XDomainRequest. Look at your network tab in the web inspector / debugger in FF / Chrome / Safari. Look at the request headers being set. You cannot include ANY custom headers (AngularJS was including X-Requested-With header by default, so I removed that from angular-1.0.1.js line 8234. Read https://developer.mozilla.org/en/http_access_control#Simple_requests for more info)
Thomas Thiery
Aug 6, 2013, 11:18:56 AM8/6/13
to ang...@googlegroups.com
I find this and I think it<s a better approch than remove a line of code :
This line may be very useful :
delete $httpProvider.defaults.headers.common['X-Requested-With'];
Reply all
Reply to author
Forward
0 new messages