All geek questions in one place

Why don't CORS requests work in Microsoft Edge, but work in other browsers?

I use jQuery to send ajax requests for cross origin, and they work fine in IE11, Chrome and Firefox, but they do not work in Edge with the following error:

SCRIPT7002: XMLHttpRequest: network error 0x80070005, access denied.

Interestingly, I used Fiddler to try to figure out what is happening, and when Fiddler is running and capturing requests, everything is working fine. As soon as I close Fiddler or capture pause, it does not work again.

The site runs on my local computer (webpack-dev-server), which makes requests over the local network to the WebAPI service.

My hosts file is configured as follows:

127.0.0.1 local.myapp.test 192.168.0.111 api.myapp.test

This should not be a problem in production, as the site and API will be located in one place, but it is invaluable for development and testing.

Update:

Thanks to Eric Law, I now know why it behaved differently with Fiddler turned on - Edge switched to the local intranet zone due to changes in the Fiddler proxy settings, and the intranet zone has a lower level of security.

Fiddler forum response

I'm going to raise the security level of the local intranet zone to Medium-High to match the Internet zone, and then use Fiddler to try to find out why Edge is upset in the CORS request.

+5
source share
3 answers

I will explain below, verbatim, the answers that Eric Lawrence (creator of Fiddler) kindly provided on the Fiddler forum:

One possibility is that your computer is configured using an intranet zone and that the intranet zone depends on the configuration of the proxy script: http://blogs.msdn.com/b/ieinternals/archive/2012/06/05/the -local-intranet-security-zone.aspx . When Fiddler is running, the proxy settings are pointed to by Fiddler itself.

... there is another factor here if you use the Intranet site as an XHR object from a site in the Internet zone.

Edge works in Advanced Protected Mode (AppContainer). It has a function that blocks access to private network resources from Internet zone processes. For more information, see the section "Private Network Resources" http://blogs.msdn.com/b/ieinternals/archive/2012/03/23/understanding-ie10-enhanced-protected-mode-network-security-addons-cookies -metro-desktop.aspx .

I added local.myapp.test (the URL from which I launch my SPA) to the local intranet zone in the Internet settings, and now Edge is happy without using Fiddler.

+2
source

I came across this question, and having tried several options, I worked on deleting the domain that I work from all the records of the Zone site. Using local.myapp.test as an example, I checked any "anysubdomain" .myapp.test records and deleted them from all zones, including all subdomains or wildcard entries.

In "Internet Properties" (IE 11), select the security tab and in the " Local intranet " click " sites ", then " Advanced " and delete the corresponding domain links there.

In the Trusted sites section, click " sites " and delete the relevant entries from the list there

+3
source

Q: in the checkboxes inside Edge, make sure that "Allow local loopback (this could put your device at risk)."

+1
source

Source: https://habr.com/ru/post/1242195/

More articles:


All Articles