XMLHttpRequest withCredentials for IE11 handled in different ways between Windows 7 and Windows 10

Issue #15479375 • Assigned to Steven K.

Details

Author
James S.
Created
Jan 16, 2018
Privacy
This issue is public.
Found in
  • Internet Explorer
Reports
Reported by 1 person

Sign in to watch or report this issue.

Steps to reproduce

I have a server which for testing purposes I am running on the following URL: http://james:8081

This server has basic auth and just returns some data. With the response header Access-Control-Allow-Origin set to the value: “http://james:8080

I have an second server which is running on: http://james:8080

When you navigate to the second server it will make a GET request to the first server using the following code:

var xhr = new XMLHttpRequest();
xhr.open('GET’, 'http://james:8081’, true);
xhr.withCredentials = true;
xhr.send();

The flow is navigate to the first url (http://james:8081), log in with basic auth. Then open another browser tab and navigate to the second url (http://james:8080). The browser should then make the above GET request to the first server, and due to the user having already logged in to that server, the GET request should be satisfied.

This works as expected on Windows 7 using IE11. But it does not work on Windows 10 using IE11, you receive the following in the console:

SCRIPT7002: XMLHttpRequest: Network Error 0x80070005, Access is denied.

With the following request status: 401/Unauthorized.

This was tested on the VMs provided by Microsoft on Modern.ie.

I can’t seem to find an answer for why this is happening, or how I can solve this issue?

Attachments

0 attachments

    Comments and activity

    • Microsoft Edge Team

      Changed Assigned To to “Steven K.”

    • Hi James,

      We mainly handle Edge related issues on this site.  Have you tried the same tests with Edge?

      Which virtual machine are you using?  E.g. VirtualBox, Hyper-V.  What IP do the “james” domains resolve to?

      Steve

    • I am using VirtualBox and the domain resolves to my local IP address.

      I have tested the same issue in Edge. Edge handles it in the same way as IE11 on Windows 10 (which fails).

      I have a work around for Edge, as I can use fetch. So instead of doing:

      var xhr = new XMLHttpRequest();
      xhr.open('GET’, 'http://james:8081’, true);
      xhr.withCredentials = true;
      xhr.send();

      I can do:

      fetch('http://james:8081’, { method: 'GET’, credentials: ‘include’ });

      And this works well, but as fetch is not supported in IE11, I do not have that luxury.

    You need to sign in to your Microsoft account to add a comment.

    Sign in