在internet explorer 9中更改域名后,Ajax停止工作

[英]Ajax stops working after changing domain name in internet explorer 9

We are developing a mobile site using html5, jQuery(1.8.2) and jQuery mobile while making jQuery ajax calls (get and post).
After we changed our domain name, we are getting "access denied" for ajax calls on ie9.
We tried to include jquery.iecors.js. But still we are getting the same error.Is there any resolution for this?

我們正在開發一個使用html5、jQuery(1.8.2)和jQuery mobile的移動站點,同時進行jQuery ajax調用(get和post)。在我們更改了域名之后,我們獲得了對ie9的ajax調用的“訪問拒絕”。我們嘗試包含jquery.iecors.js。但我們還是得到了相同的誤差。有什么解決辦法嗎?

Sample Code:


$.support.cors = true;

    cache: false,
    async: true,
    crossDomain: true,
    timeout: 600000,

    url: baseUrl + '/SmartTouch/restServices/PrefferedHotels',
    type: 'GET',

    beforeSend: function (xhr) {
        xhr.setRequestHeader("Authorization", "Basic " + myencoded);
    contentType: "application/x-www.form-urlencoded; (http://www.form-urlencoded;) (http://www.form-urlencoded;) charset=UTF-8",
    success: function (data) {

    error: function (jqXHR, textStatus, errorThrown) {

        alert("error!!::" + JSON.stringify(jqXHR));

        alert('response: ' + jqXHR.responseText);
        alert('code: ' + jqXHR.getResponseHeader('X-Subscriber-Status'));
        alert("textStatus " + textStatus);
        alert("errorThrown " + errorThrown);




beforeSend: function (xhr) {
    xhr.setRequestHeader("Authorization", "Basic " + myencoded);
    xhr.setRequestHeader("Access-Control-Allow-Origin", "*");
    xhr.setRequestHeader("Access-Control-Allow-Methods", "POST,GET,OPTIONS");
contentType: "application/x-www.form-urlencoded; (http://www.form-urlencoded;) (http://www.form-urlencoded;) charset=UTF-8",
success: function (data) {
error: function (jqXHR, textStatus, errorThrown) {
    alert("error!!::" + JSON.stringify(jqXHR));

Request and Response headers in IE9:


    Key Value
    Request GET url HTTP/1.1
    Accept  text/html, application/xhtml+xml, */*
    Accept-Language en-US
    User-Agent  Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
    Accept-Encoding gzip, deflate
    Proxy-Connection    Keep-Alive
    Host     ("url")
    Pragma  no-cache
    Cookie  GUEST_LANGUAGE_ID=en_US; COOKIE_SUPPORT=true; __utmc=24444716; __utma=24444716.47018335.1379597653.1380274476.1380276859.17; __utmz=24444716.1379597653.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmb=24444716.6.10.1380276859 

    Key Value
    Response    HTTP/1.1 200 OK
    Server  Apache-Coyote/1.1
    X-Powered-By    Servlet 2.5; JBoss-5.0/JBossWeb-2.1
    Accept-Ranges   bytes
    ETag    W/"64578-1380266616000"
    Last-Modified   Fri, 27 Sep 2013 07:23:36 GMT
    Content-Type    text/html
    Date    Fri, 27 Sep 2013 10:17:01 GMT
    Content-Length  64578
    Age 0
    Via 1.1 localhost.localdomain 

6 个解决方案



This kind of Content-Type looks strange:


application/x-www.form-urlencoded; (http://www.form-urlencoded;) (http://www.form-urlencoded;) charset=UTF-8"

I can imagine the IE has as problem with it.


Try the proper one:


application/x-www-form-urlencoded; charset=UTF-8
                 ^-- notice: no dot!

It's also possible for the IE to have problems with the authorization. Maybe myencoded is out of the scope or not filled correctly. Debug this variable and have a look at this question: Authorization through setRequestHeader




If you want the Ajax url to be hit from any domain, the server must send a response header Access-Control-Allow-Origin : * or Access-Control-Allow-Origin : your-domain if restricted only to your domain.Can you see these headers in response?

如果希望從任何域訪問Ajax url,服務器必須發送響應頭訪問-控制-允許-起源:*或訪問-控制-允許-起源:您的域,如果僅限於您的域的話。你能看到這些標頭的響應嗎?



See this Microsoft article on CORS implementation on IE8 and IE9: http://blogs.msdn.com/b/ieinternals/archive/2010/05/13/xdomainrequest-restrictions-limitations-and-workarounds.aspx

請參閱微軟關於IE8和IE9的CORS實現的文章:http://blogs.msdn.com/b/ieinternals/archive/2010/05/13/xdomainrequest- limitationandworkounds.aspx

Specifically they say two things:


  • No custom headers may be added to the request
  • 不可以向請求添加自定義頭


  • No authentication or cookies will be sent with the request
  • 不會隨請求一起發送任何身份驗證或cookie

And you mentioned in your comment:


Our problem is we are doing basic authorization and including following header: xhr.setRequestHeader("Authorization", "Basic " + myencoded); in our ajax call.But in ie9 we are getting access denied.Is there any way to include this header?

我們的問題是我們正在做基本的授權,包括下面的標題:xhr。setRequestHeader(“授權”、“Basic”+ myencoded);在我們的ajax調用。但是在ie9中,我們被拒絕訪問。有沒有辦法包括這個標題?

Unfortunately, the answer I'll have to give you is no, there is no way to include this header in IE8 or IE9. Microsoft designed it that way.


To get it to work with CORS on IE9 you'll have to convince the site you're connecting to to allow you to send authorization information some other way - maybe query params or post data.


If the site is not cooperative there's always the request proxy work-around where you request to a page on your server and you server forwards the request with the correct header etc.




You seem confident that the issue has nothing to do with the suggested jQuery bug (especially since you're using jquery.iecors.js) so I'll move right on.

您似乎確信這個問題與建議的jQuery bug沒有任何關系(特別是因為您使用的是jQuery .iecors.js),因此我將繼續討論。

  • What is the significance of the "edited" bit? Access-Control-Allow-Origin:* should be set on the response (i.e. server-side, as part of Apache/IIS/F5 configuration), not on the request. Edit: there is more information available on MDN; you could also use something like burp's tampering proxy to play with the headers if you don't have immediate access to config changes (pretty common in an enterprise environment)


  • Even if not an issue, @DanFromGermany is absolutely right - content-type does look strange. You shouldn't even have to set it manually, jQuery.ajax() has it correct by default.


  • You also seem concerned with setting the basic authentication header. Remember that myencoded value is just encoded (not encrypted), so you might as well skip the header and pass credentials in the URL: http(s)://username:password@www.example.com/


Moar edit:


Looking through those MDN docos above, this seems relevant:

通過上面的MDN docos,這似乎是相關的:

By default, in cross-site XMLHttpRequest invocations, browsers will not send credentials. A specific flag has to be set on the XMLHttpRequest object when it is invoked.


Perhaps try adding xhr.withCredentials = true; to your beforeSend?

也許嘗試添加xhr。withCredentials = true;beforeSend ?

Important note: when responding to a credentialed request, server must specify a domain, and cannot use wild carding. The above example would fail if the header was wildcarded as: Access-Control-Allow-Origin: *. Since the Access-Control-Allow-Origin explicitly mentions http://foo.example, the credential-cognizant content is returned to the invoking web content.

重要提示:當響應授權請求時,服務器必須指定一個域,並且不能使用粗梳。如果標頭被通配符為:Access-Control-Allow-Origin: *,則上述示例將失敗。由於訪問控制允許的源顯式地提到了http://foo。例如,憑證識別內容被返回到調用的web內容。

This would invalidate previous advice of using an asterisk in the header (i.e. explicit domain is required)




If you were using windows based hosting?


Please check old configs for the IIS, if available,


there are security provisions which will allow content by its type,


add this response header <% Response.AddHeader("Access-Control-Allow-Origin","*") %> in your page also.

在您的頁面中添加這個響應頭<% Response.AddHeader(“訪問控制允許源”,“*”)%>。

or refer the source link to MSDN for more details


I think you have updated this in edits but there are many things as its AJAX involved, and your IE9 may also one of the reason if you have changed security options and not default.


I think that should do, if not please reply




You can try this


<meta http-equiv="X-UA-Compatible" content="IE=Edge" >

It forces the browser the render at whatever the most recent version's standards are. For reference http://msdn.microsoft.com/en-us/library/ie/ms533876%28v=vs.85%29.aspx




粤ICP备14056181号  © 2014-2021 ITdaan.com