javascript - Ajax stops working after changing domain name in internet explorer 9 - Stack Overflow

admin管理员组

文章数量:1332383

We are developing a mobile site using html5, jQuery(1.8.2) and jQuery mobile while making jQuery ajax calls (get and post).
After we changed our domain name, we are getting "access denied" for ajax calls on ie9.
We tried to include jquery.iecors.js. But still we are getting the same error.Is there any resolution for this?

Sample Code:

$.support.cors = true;

$.ajax({
    cache: false,
    async: true,
    crossDomain: true,
    timeout: 600000,

    url: baseUrl + '/SmartTouch/restServices/PrefferedHotels',
    type: 'GET',

    beforeSend: function (xhr) {
        xhr.setRequestHeader("Authorization", "Basic " + myencoded);
    },
    contentType: "application/x-www.form-urlencoded; (;) (;) charset=UTF-8",
    success: function (data) {

        alert("success");
    },
    error: function (jqXHR, textStatus, errorThrown) {


        alert("error!!::" + JSON.stringify(jqXHR));

        alert('response: ' + jqXHR.responseText);
        alert('code: ' + jqXHR.getResponseHeader('X-Subscriber-Status'));
        alert("textStatus " + textStatus);
        alert("errorThrown " + errorThrown);

    }
});

Edited:

beforeSend: function (xhr) {
    xhr.setRequestHeader("Authorization", "Basic " + myencoded);
    xhr.setRequestHeader("Access-Control-Allow-Origin", "*");
    xhr.setRequestHeader("Access-Control-Allow-Methods", "POST,GET,OPTIONS");
},
contentType: "application/x-www.form-urlencoded; (;) (;) charset=UTF-8",
success: function (data) {
    alert("success");
},
error: function (jqXHR, textStatus, errorThrown) {
    alert("error!!::" + JSON.stringify(jqXHR));

Request and Response headers in IE9:

 Request:
    Key Value
    Request GET url HTTP/1.1
    Accept  text/html, application/xhtml+xml, */*
    Accept-Language en-US
    User-Agent  Mozilla/5.0 (patible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
    Accept-Encoding gzip, deflate
    Proxy-Connection    Keep-Alive
    Host     ("url")
    Pragma  no-cache
    Cookie  GUEST_LANGUAGE_ID=en_US; COOKIE_SUPPORT=true; __utmc=24444716; __utma=24444716.47018335.1379597653.1380274476.1380276859.17; __utmz=24444716.1379597653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmb=24444716.6.10.1380276859 





    Response:
    Key Value
    Response    HTTP/1.1 200 OK
    Server  Apache-Coyote/1.1
    X-Powered-By    Servlet 2.5; JBoss-5.0/JBossWeb-2.1
    Accept-Ranges   bytes
    ETag    W/"64578-1380266616000"
    Last-Modified   Fri, 27 Sep 2013 07:23:36 GMT
    Content-Type    text/html
    Date    Fri, 27 Sep 2013 10:17:01 GMT
    Content-Length  64578
    Age 0
    Via 1.1 localhost.localdomain 

We are developing a mobile site using html5, jQuery(1.8.2) and jQuery mobile while making jQuery ajax calls (get and post).
After we changed our domain name, we are getting "access denied" for ajax calls on ie9.
We tried to include jquery.iecors.js. But still we are getting the same error.Is there any resolution for this?

Sample Code:

$.support.cors = true;

$.ajax({
    cache: false,
    async: true,
    crossDomain: true,
    timeout: 600000,

    url: baseUrl + '/SmartTouch/restServices/PrefferedHotels',
    type: 'GET',

    beforeSend: function (xhr) {
        xhr.setRequestHeader("Authorization", "Basic " + myencoded);
    },
    contentType: "application/x-www.form-urlencoded; (http://www.form-urlencoded;) (http://www.form-urlencoded;) charset=UTF-8",
    success: function (data) {

        alert("success");
    },
    error: function (jqXHR, textStatus, errorThrown) {


        alert("error!!::" + JSON.stringify(jqXHR));

        alert('response: ' + jqXHR.responseText);
        alert('code: ' + jqXHR.getResponseHeader('X-Subscriber-Status'));
        alert("textStatus " + textStatus);
        alert("errorThrown " + errorThrown);

    }
});

Edited:

beforeSend: function (xhr) {
    xhr.setRequestHeader("Authorization", "Basic " + myencoded);
    xhr.setRequestHeader("Access-Control-Allow-Origin", "*");
    xhr.setRequestHeader("Access-Control-Allow-Methods", "POST,GET,OPTIONS");
},
contentType: "application/x-www.form-urlencoded; (http://www.form-urlencoded;) (http://www.form-urlencoded;) charset=UTF-8",
success: function (data) {
    alert("success");
},
error: function (jqXHR, textStatus, errorThrown) {
    alert("error!!::" + JSON.stringify(jqXHR));

Request and Response headers in IE9:

 Request:
    Key Value
    Request GET url HTTP/1.1
    Accept  text/html, application/xhtml+xml, */*
    Accept-Language en-US
    User-Agent  Mozilla/5.0 (patible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
    Accept-Encoding gzip, deflate
    Proxy-Connection    Keep-Alive
    Host     ("url")
    Pragma  no-cache
    Cookie  GUEST_LANGUAGE_ID=en_US; COOKIE_SUPPORT=true; __utmc=24444716; __utma=24444716.47018335.1379597653.1380274476.1380276859.17; __utmz=24444716.1379597653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmb=24444716.6.10.1380276859 





    Response:
    Key Value
    Response    HTTP/1.1 200 OK
    Server  Apache-Coyote/1.1
    X-Powered-By    Servlet 2.5; JBoss-5.0/JBossWeb-2.1
    Accept-Ranges   bytes
    ETag    W/"64578-1380266616000"
    Last-Modified   Fri, 27 Sep 2013 07:23:36 GMT
    Content-Type    text/html
    Date    Fri, 27 Sep 2013 10:17:01 GMT
    Content-Length  64578
    Age 0
    Via 1.1 localhost.localdomain 

• javascript
• css
• ajax
• jquery-mobile

Share Follow edited Sep 27, 2013 at 14:57 Rookie 8,8001717 gold badges6161 silver badges9292 bronze badges asked Sep 23, 2013 at 6:51 user1533947user1533947 20711 gold badge22 silver badges77 bronze badges 11

• 1 baseUrl is hard coded? or do get it from the html output? – Jorge Y. C. Rodriguez Commented Sep 23, 2013 at 6:52
• Did you check your authorization for that domain (server) is not wrong ? myencoded what this variable holds are correct ? – Maz Commented Sep 23, 2013 at 6:54
• baseUrl is hard coded. I am able to make ajax calls successfully in other browsers including ie10.So i think authorization is not a problem. – user1533947 Commented Sep 23, 2013 at 6:58
• 1 Seems like the answer is given here: stackoverflow./questions/10232017/… – Vytautas Butkus Commented Sep 25, 2013 at 7:12
• 1 @ Vytautas We have tried all the options given in this link,but nothing worked.Our problem is we are doing basic authorization and including following header: xhr.setRequestHeader("Authorization", "Basic " + myencoded); in our ajax call.But in ie9 we are getting access denied.Is there any way to include this header? – user1533947 Commented Sep 25, 2013 at 9:57

 |  Show 6 more ments

6 Answers 6

Sorted by: Reset to default 2

This kind of Content-Type looks strange:

application/x-www.form-urlencoded; (http://www.form-urlencoded;) (http://www.form-urlencoded;) charset=UTF-8"

I can imagine the IE has as problem with it.

Try the proper one:

application/x-www-form-urlencoded; charset=UTF-8
                 ^-- notice: no dot!

It's also possible for the IE to have problems with the authorization. Maybe myencoded is out of the scope or not filled correctly. Debug this variable and have a look at this question: Authorization through setRequestHeader

If you want the Ajax url to be hit from any domain, the server must send a response header Access-Control-Allow-Origin : * or Access-Control-Allow-Origin : your-domain if restricted only to your domain.Can you see these headers in response?

See this Microsoft article on CORS implementation on IE8 and IE9: http://blogs.msdn./b/ieinternals/archive/2010/05/13/xdomainrequest-restrictions-limitations-and-workarounds.aspx

Specifically they say two things:

• No custom headers may be added to the request

and

• No authentication or cookies will be sent with the request

And you mentioned in your ment:

Our problem is we are doing basic authorization and including following header: xhr.setRequestHeader("Authorization", "Basic " + myencoded); in our ajax call.But in ie9 we are getting access denied.Is there any way to include this header?

Unfortunately, the answer I'll have to give you is no, there is no way to include this header in IE8 or IE9. Microsoft designed it that way.

To get it to work with CORS on IE9 you'll have to convince the site you're connecting to to allow you to send authorization information some other way - maybe query params or post data.

If the site is not cooperative there's always the request proxy work-around where you request to a page on your server and you server forwards the request with the correct header etc.

You seem confident that the issue has nothing to do with the suggested jQuery bug (especially since you're using jquery.iecors.js) so I'll move right on.

• What is the significance of the "edited" bit? Access-Control-Allow-Origin:* should be set on the response (i.e. server-side, as part of Apache/IIS/F5 configuration), not on the request. Edit: there is more information available on MDN; you could also use something like burp's tampering proxy to play with the headers if you don't have immediate access to config changes (pretty mon in an enterprise environment)

• Even if not an issue, @DanFromGermany is absolutely right - content-type does look strange. You shouldn't even have to set it manually, jQuery.ajax() has it correct by default.

• You also seem concerned with setting the basic authentication header. Remember that myencoded value is just encoded (not encrypted), so you might as well skip the header and pass credentials in the URL: http(s)://username:[email protected]/

Moar edit:

Looking through those MDN docos above, this seems relevant:

By default, in cross-site XMLHttpRequest invocations, browsers will not send credentials. A specific flag has to be set on the XMLHttpRequest object when it is invoked.

Perhaps try adding xhr.withCredentials = true; to your beforeSend?

Important note: when responding to a credentialed request, server must specify a domain, and cannot use wild carding. The above example would fail if the header was wildcarded as: Access-Control-Allow-Origin: *. Since the Access-Control-Allow-Origin explicitly mentions http://foo.example, the credential-cognizant content is returned to the invoking web content.

This would invalidate previous advice of using an asterisk in the header (i.e. explicit domain is required)

If you were using windows based hosting?

Please check old configs for the IIS, if available,

there are security provisions which will allow content by its type,

add this response header <% Response.AddHeader("Access-Control-Allow-Origin","*") %> in your page also.

or refer the source link to MSDN for more details

I think you have updated this in edits but there are many things as its AJAX involved, and your IE9 may also one of the reason if you have changed security options and not default.

I think that should do, if not please reply

You can try this

<meta http-equiv="X-UA-Compatible" content="IE=Edge" >

It forces the browser the render at whatever the most recent version's standards are. For reference http://msdn.microsoft./en-us/library/ie/ms533876%28v=vs.85%29.aspx

本文标签： javascriptAjax stops working after changing domain name in internet explorer 9Stack Overflow