Access denied exception with jquery Ajax call when origin is ms-local-stream

Question

I'm trying to make an ajax call with origin as ms-local-stream and target as a server on intranet. But the request fails.

The request is not even made (seen in Charles). And 'Access Denied' is thrown immediately.

Ajax call is of the form:

    $.ajax({
          type: 'POST',
          url: url,
          async: false,
          contentType: 'application/json',
          cache: false,
          });

I've seen many threads and posts regarding windows CORS. But I cannot make out that how to get headers like Access-Control-Allow-Origin in response, when the call is not even reaching the network.

I've also tried adding origin (ms-local-stream://7d987b49-2425-46db-b5a2-55b6ed708472_6c63666f726d73) to the trusted site in Internet explorer ( Just for testing). But it doesn't work either. The answer here : Access denied in IE 10 and 11 when ajax target is localhost might be the reason for this to be not working.

Is there a way to make this work.

Thanks.

Answer 1

Internet Explorer raises this error as part of its security zones feature. Using default security settings, an "Access is Denied" error is raised when attempting to access a resource in the "Local intranet" zone from an origin in the "Internet" zone.

If you were writing your Ajax code manually, Internet Explorer would raise an error when you try to open the resource. For example:

 var xhr = new XMLHttpRequest();
 xhr.open('GET', 'http://localhost/', true); 
 xhr.send();

You can work around this error by adding the origin site to the "Trusted sites" security zone. You can test this by adding "http://client.cors-api.appspot.com" to your "Trusted sites" zone and using this test page at test-cors.org with your localhost site as the Remote URL.