none
Does Internet Explorer 11 now take ports into consideration when deciding if they are the same origin with regards to CORS? RRS feed

  • Question

  • Hello All

    Since the creators update it seems that some of my machines are now sending a pre-flight OPTIONS request on my PUT request which is causing problems with the system. It is failing on the OPTIONS request and does not even attempt the PUT request afterwards.

    The only difference between the two origins is the port that is being used. In the past Internet Explorer has not taken the port into consideration when comparing origins, so it has worked fine. But as of the creators update this has seemingly changed.

    v 11.0.9600.18665 / uv 11.0.42 is working fine (using Windows 7)

    v 11.296.15063.0 / uv 11.0.42 is no longer working (using Windows 10 post-creators update)

    Can someone confirm this or tell me otherwise?

    Many thanks in advance,

    Sam

    EDIT: This is possibly related to KB4016240


    Friday, June 9, 2017 7:29 AM

All replies

  • Hi, 

    it's possible to avoid options request. Options request is a preflight request when you send (post) any data to another domain. It's a browser security issue. But we can use another technology: iframe transport layer. I strongly recommend you forget about any CORS configuration and use readymade solution and it will work anywhere.

    Take a look here: https://github.com/jpillora/xdomain

    And working example: http://jpillora.com/xdomain/

    Please Note: Since the websites are not hosted by Microsoft, the links may change without notice. Microsoft does not guarantee the accuracy of this information. 


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, June 12, 2017 6:00 AM
    Moderator
  • Hi

    Firstly, thank you for the response. It is appreciated. I knew there were ways around the options request problem, I was more just trying to figure out why this broke and ensuring this was the issue - especially given the Microsoft pages on CORS state that:

    Note

    Internet Explorer does not consider the port when comparing origins.

    https://docs.microsoft.com/en-us/aspnet/core/security/cors

    Thanks

    Sam

    Monday, June 12, 2017 9:40 AM
  • Thanks for feedback this content issue. Since I am not familiar with IE develop, I can just provide the limit information.

    In addition, I will try to help on feedback about the content issue, hope we can get some updates in next content release. 

     

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, June 13, 2017 6:15 AM
    Moderator