Make a CORS request in IE9 with cookies?

Jeff picture Jeff · Jun 8, 2012 · Viewed 13.2k times · Source

In IE9, I am attempting to make a cross origin request with cookies. However, even when I have the Access-Control-Allow-Origin, Access-Control-Allow-Credentials, Access-Control-Allow-Methods all set to the appropriate values (the origin domain, true, and GET, POST), IE9 still isn't sending or setting cookies from the request. Here's the script I'm using:

var xdr = new XDomainRequest()
xdr.open("http://mydomain.com/cors.php")
xdr.withCredentials = true;
xdr.send();

Any idea on how to get cookies to work with CORS requests in IE9?

Answer

Artem Oboturov picture Artem Oboturov · Jun 8, 2012

From this page http://blogs.msdn.com/b/ieinternals/archive/2010/05/13/xdomainrequest-restrictions-limitations-and-workarounds.aspx at the bottom you can see Update: Internet Explorer 10 now supports CORS using XMLHTTPRequest. It means CORS is not handled properly in IE9. Sorry. They propose some workarounds with proxy in the same article.

Browser compatibility matrix is given at http://caniuse.com/cors where by partial support they mean

Internet Explorer 8 provides support via the XDomainRequest object but doesn't support credentialed requests http://code.google.com/p/sgvizler/wiki/Compatibility.