2

I've a problem with an application that is communicating thru Ajax to consume some restful services from another server.

The problem seams to appear just with IE and when the consuming application is in a Server that have ssl, I mean when I consume the same services from the same server from other box everything works fine.

I've the Restful services on a Server (https://api.restbla/..) that have SSL and I've to consume these from other servers (with or without ssl certificate)

Testing with Internet Explorer I get the results:

  • If I consume the services from my local works
  • If I consume the services from the same box (where the restful are hosted) works
  • If I consume the services from another server withouth ssl works
  • But when I consume the services from a server on https dont work on IE.

All of the prior test work with Chrome and FF

This is the javascript that im using to make the ajax call

function load(_url, _callback, _params, _type, _htmlMethod, _onStartFunction, _onFinishFunction) {
    var xhr;
    if (isFunction(_onStartFunction)) { _onStartFunction(); }
    ieVersion = getInternetExplorerVersion();
    if (typeof XMLHttpRequest !== 'undefined') {
        console.log("XMLHttpRequest");
        xhr = new XMLHttpRequest();
    }else {
        if (ieVersion > 7){ 
            console.log("XDomainRequest");
            xhr = new XDomainRequest();
        }else{
            var versions = [ "MSXML2.XmlHttp.5.0", "MSXML2.XmlHttp.4.0", "MSXML2.XmlHttp.3.0", "MSXML2.XmlHttp.2.0", "Microsoft.XmlHttp" ];
            for ( var i = 0, len = versions.length; i < len; i++) {
                try { 
                    console.log("ActiveXObject: " + versions[i]);
                    xhr = new ActiveXObject(versions[i]); 
                    break;
                } catch (e) { /* attempt next one*/ }
            }
        }
    }
    xhr.onreadystatechange = ensureReadiness;
    if (_type == JSON_TYPE) {
        contentType = "application/json";
    }else{
        contentType = 'text/plain';
    }

    function ensureReadiness() {
        if (xhr.readyState < 4) { return; }
        if (xhr.status !== 200) {
            showServiceDown();
            if (isFunction(_onFinishFunction)) { _onFinishFunction();}
            return;
        }
        if (xhr.readyState === 4) {
            if (isFunction(_onFinishFunction)) {_onFinishFunction(); }
            var responseText = "";
            responseText = xhr.responseText;
            if (_type == JSON_TYPE) {
                _callback(responseText);
            } else if (_type = HTML_TYPE) {
                var replaced = responseText.replace(/\\/g, '///');
                _callback(replaced);
            } else { _callback(responseText); }
        }
    }
    if ((_htmlMethod == undefined) || (_htmlMethod == null) || (_htmlMethod == "")) {
        _htmlMethod = METHOD_POST;
    }
    xhr.open(_htmlMethod, _url, true);
    xhr.withCredentials = true;
    xhr.setRequestHeader("Content-type", contentType);
    _params = (_params != undefined) ? _params : null;
    xhr.send(_params);
}

I can't use any javascript framework for this project.

the certificates are mede internal by the company are for internal only usage so any browser validation mail fail, I dont know if this have something to do with the issue.

I hope anyone have some solution for this problem.

thanks a lot for your time.

cesaregb
  • 735
  • 1
  • 10
  • 27

1 Answers1

1

I've had a similar problem that was solved by adding a dummy onprogress callback to the XDomainRequest in the IE case:

if (ieVersion > 7){ 
    console.log("XDomainRequest");
    xhr = new XDomainRequest();
    xhr.onprogress = function() {}; // <-- add this
}

It seemed that IE was aborting the cross-domain request if there was no onprogess handler defined.

Here's a function I use for AJAX, maybe there is something in it that helps you: 
  /**
   * Wraps jQuery's AJAX, adds X-Domain support for IE
   * 
   *
   */
  function xDomainAJAX (url, settings) {
    jQueryRequired();
    $.support.cors = true; // enable x-domain
    if ($.browser.msie && parseInt($.browser.version, 10) >= 8 && XDomainRequest) {
      // use ms xdr
      var xdr = new XDomainRequest();
      xdr.open(settings.type, url + '?' + $.param(settings.data));
      xdr.onprogress = function() {};
      xdr.onload = function() {
        settings.success(xdr.responseText);
      };
      xdr.onerror = settings.error;
      xdr.send();
    } else {
      // use jQuery ajax
      $.ajax(url, settings);
    }
  }
calebds
  • 23,502
  • 7
  • 39
  • 73
  • I've tried that and didnt worked either :S.. I notice that when in the internet explorer properties->security->Security Settings I select access data sources across domains as enable ,.. it works on IE .. – cesaregb Mar 15 '13 at 21:53
  • @cesaregb I added a code example that has worked for me in the past – calebds Mar 15 '13 at 23:07
  • ye actually that worked.. use the XDomainRequest for IE and adding the onprogress and onload listeners ... damn with IE thanks a lot – cesaregb Mar 17 '13 at 23:44
  • I like this but it doesnt work. It fails at the xdr.open. My thought is that it doesnt like the authentication? i end up pinging: https:mysite.mydomain.com/something/foo with settings {type="GET", header:{Authentication: "Basic 2nms8i23g8-"}, success:function(){}, error:function(){}, data:{}} It just says: Access denied for the IE CORS request. – Fallenreaper Oct 03 '13 at 20:04
  • Worth noting as I research a similar problem (and this isn't to refute paislee at the time they wrote it) XDR is no longer implemented in IE11, and also $.browser is no longer included in jQuery. An excellent solution that has simply become undone by the passing of time. – Greg Pettit Apr 21 '14 at 18:39
  • Incidentally, and updated information ( @paislee have you run across this? ) would be highly appreciated. Here's the new question link: http://stackoverflow.com/questions/23205315/cors-with-ie11-access-denied-with-ssl-to-localhost – Greg Pettit Apr 21 '14 at 21:03
  • IE Blocks access to the Intranet from Internet Zone. See #6 here: http://blogs.msdn.com/b/ieinternals/archive/2010/05/13/xdomainrequest-restrictions-limitations-and-workarounds.aspx?Redirected=true – EricLaw Apr 24 '14 at 14:24