I try to build a simple wrapper function for making CORS Ajax requests in IE 8:
function getCORS(url, success) {
var xhr = new XDomainRequest();
xhr.open('GET', url);
xhr.onload = success;
xhr.send();
return xhr;
}
getCORS('http://foo.com/?q=test', function(request){
console.log(request.currentTarget.response || request.target.responseText);
});
However, IE 8 returns "Access denied", although CORS requests in modern browsers using 'XMLHttpRequest()' work properly. Any idea?
Internet Explorer's XDomainRequest will never send the Cookies or Authorization headers. This means that if the target of your request is protected, the request can never be authenticated.
If you really have to do this (I had to do this in the past for native HTTP streaming) you need the target of XDomainRequest to be protected using an authorization scheme that doesn't use cookies or the Authorization header (http basic auth). For example, you could obtain some kind of token from a protected address first, and then send that token to your XDomainRequest target.