IE11 CORS preflight request is aborted when server requests client TLS certificate

Issue #1282036 • Assigned to Brandon M.


Jan 2, 2015
This issue is public.
Reported by 20 people

Sign in to watch or report this issue.

Steps to reproduce

(Carled: Internal note: although this was filed from external connect - this issue is impacting one of our scenarios for developer submission of apps to the MS Store.   Chrome works, but IE fails, and this bug would prevent developers using IE from submitting AoW apps).


Repro Steps:

  1. Set up a REST web service which uses TLS client certificates for authentication
  2. Set up an HTML/JavaScript front-end for this web service, running on a different domain
  3. Install a valid client certificate for the web service into IE11
  4. Using IE11, attempt an action in the front-end which results in a GET request to the web service
    Expected and Actual Results: The GET request succeeds, using the client cert
  5. Using IE11, attempt an action in the front-end which results in a PUT request to the web service
    Expected Results: After a preflight request, the PUT is executed successfully
    Actual Results: The preflight request is aborted and the PUT never occurs

Expected Results:

The preflight request should be performed without sending the client certificate. The actual request should then be performed with the client certificate.

Actual Results:

Dev Channel specific:



0 attachments

    Comments and activity

    • Microsoft Edge Team

      Changed Assigned To to “Tony S.”

      Changed Steps to Reproduce

      Changed Assigned To from “Tony S.” to “Venkat K.”

      Changed Assigned To from “Venkat K.” to “Krunal S.”

      Changed Status to “Confirmed”

      Changed Assigned To from “Krunal S.” to “IE F.”

      Changed Status from “Confirmed” to “Won’t fix”

      Changed Assigned To to “David W.”

      Changed Status from “Won’t fix”

      Changed Assigned To from “David W.” to “Venkat K.”

      Changed Assigned To from “Venkat K.” to “Brandon M.”

    • This occurs regardless of whether the browser has a client certificate available. If the remote site even requests a client certificate, IE aborts the preflight. A test case server demonstrating the issue is available at

    • I experience the issue as well. Isn’t it possible to complete the preflight by discarding the user certificate request ?
      This makes all APIs using client certificate break in IE11…
      This bug is now 3 years old and has been marked as Wont Fix twice?

    • Experiencing the same issue. Preflight requests gets aborted by IE11.

    • What the situation with this issue? It affects any dev using fetch with react!

    You need to sign in to your Microsoft account to add a comment.

    Sign in