Access control for cross site requests in Internet Explorer
I am trying to make an AJAX call from several domains to a single one which will handle the request. Enabling Cross domain in Firefox and Chrome was easy by setting the header on the handling server:
header("Access-Control-Allow-Origin: *");
But this doesn't help enabling it in Internet Explorer. When I try:
httpreq.send('');
it stops with error Access denied.
How can this be enabled in Internet Explorer?
Answer
Much has changed since I first posted my solution for CORS in IE7 and above. First of all the jQuery property $.support.cors is true by default, .NET frameworks 4.0 and above no longer support CORS as implemented in versions 3.5.1 and lower. When writing a web service with ASP.NET 4.0 I had install the Thinktecture.IdentityModel which is available as a NuGet package. Then, in the Application_Start method of the Global.asax file, add:
void Application_Start(object sender, EventArgs e)
{
Thinktecture.IdentityModel.Http.Cors.IIS.UrlBasedCorsConfiguration.Configuration
.ForResources("*")
.ForOrigins("http://localhost:80, http://mydomain")
.AllowAll()
.AllowMethods("GET", "POST");
}
Now add the httpProtocol element within system.webServer:
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Content-Type, Accept, X-Requested-With, X-File-Name" />
<add name="Access-Control-Allow-Methods" value="GET, POST" />
</customHeaders>
</httpProtocol>
My $.ajax call is now:
$.ajax({
url: serviceUrl,
data: JSON.stringify(postData),
type: "POST",
cache: false,
contentType: "application/json; charset=utf-8",
dataType: "json",
success: onSuccess,
error: onError
});