0

Cors issue specifically in Internet Explorer only when calling API from ajax call.

1)Request header content-type was not present in the Access-Control-Allow- Headers list 2)XMLHttpRequest: Network Error 0x80070005, Access is denied.

I tried by followings 

   xhrFields: {
     withCredentials: true
    }

also by setting ...

  • crossDomain: true
    • ...
  • headers: { 'Access-Control-Allow-Origin': '*' },

    • Ajax call

        var url = "https://dev-connectivity.dummylink";
 var data = JSON.stringify({    
    "lang": "en",
    "ClientId": "asdfasf3452345c42352345c",
    "CountryCode": "34"
});  

     $.ajax({
    url: url,
    type: 'POST',
    contentType: 'application/json; charset=utf-8',
    headers: {
        'Access-Control-Allow-Origin': '*' },
    data: data,
    success: function (data) {
        alert("tets");
    },
    error: function (error) {
       alert("error");
                }
});

    //My api Webconfig code

         <httpProtocol>
    <customHeaders>
      <remove name="Access-Control-Allow-Origin" />
      <add name="Access-Control-Allow-Origin" value="*" />
      <add name="Access-Control-Allow-Methods" value="*" />
      <add name="Access-Control-Allow-Headers" value="*" />
    </customHeaders>
  </httpProtocol>

    // also Enabling Cors in startup

              services.AddCors(o => o.AddPolicy("CorsPolicy", builder =>
        {
            builder.AllowAnyMethod()
                .AllowAnyHeader();
        }));

    app.UseCors("CorsPolicy");

    Improve this question
    4
    • headers: { 'Access-Control-Allow-Origin': '*' }, is useless on the Ajax call.
      – epascarello
      Commented Apr 23, 2019 at 14:04
    • a lot of browsers do not like * as values
      – epascarello
      Commented Apr 23, 2019 at 14:06
    • I had also tried this var url = "dev-connectivity.dummylink"; headers: { 'Access-Control-Allow-Origin': url },
      – Irfan Ullah
      Commented Apr 23, 2019 at 18:14
    • Please try to go to Internet Options > Security > Trusted Sites menu and add the domain to the trusted site list. other thing you can try is go to Security Tab (Internet Options> Security tab> Custom settings) make ENABLE The Following setting: Miscellaneous> Access data sources across domains. You can try to test this on your side and let us know about your testing results.
      – Deepak-MSFT
      Commented Apr 24, 2019 at 5:14

    1 Answer 1

    Reset to default
    0

    IE doesn't accept Content-Type header if you have provided * in you web.config file so to fix this issue, you need to manually add Content-Type header in Access-Control-Allow-Headers list inside your web.config file.

      <customHeaders>
     <remove name="Access-Control-Allow-Origin" />
     <add name="Access-Control-Allow-Origin" value="*" />
     <add name="Access-Control-Allow-Headers" value="Content-Type, Any-Other-Header" />
  </customHeaders>
    Improve this answer

    Not the answer you're looking for? Browse other questions tagged or ask your own question.