I'm trying to call an API using the PATCH http method from IE9, every time the XMLHttpRequest is sent it drops the actual request body. The actual request is coming from an AngularJS application. Angular just uses the native xhr under the covers in it's $http service. I've verified the behavior is not Angular-specific running the snippet below in the IE console and inspecting the network traffic - no body gets sent with the request
var request = new XMLHttpRequest();
request.open('PATCH', '/api/v1/fake/404/', false);
request.setRequestHeader("Content-type","application/json");
request.send('{"isActive": 1}');
if you change PATCH to PUT or POST it sends the json request body just fine. Is PATCH just not supported in IE9 XHR? Is there any workaround?
After doing a bunch of research. it appears that there really isn't any workaround. PATCH http requests just aren't supported in IE9.
Related
In our web application we want to trigger a locally run widget using xhttp request, in Chrome and firefox, this is working fine and the requests are being received but in MS browsers (Edge and IE11) it wort fire and I get an error returned to the variable,
The request line is;
var screenRecorder = $.get('http://127.0.0.1:9645/widget?command=connect&agent=amtest&password=amtest');
where agentName and password are taken from JS variables
[object,object] {readystate:1}
I am relying on the correct response being received to flag if the widget is running to allow further communication requests to it.
I am hosting the app on IIS6.1 and have enabled CORS but this still isn't helping with IE and Edge. Can anyone advise how I can resolve this?
The IE console shows the following error:
XMLHttpRequest: Network Error 0x2efd, Could not complete the operation
due to error 00002efd.
The fix for this issue is to initiate a connection before sending the request using the following code before sending the initial and subsequent $.get requests;
var screenRec = new XMLHttpRequest('http://127.0.0.1:9645/widget');
This forces IE and Egde to open the connection as without it the $.get request will not be sent.
I'm trying to hack my back-end, which exposes a REST API. The worst thing that can happen to my database according to firefox CORS policy is that I can create a new object with POST request, as it does not need a preflight. This is the simple code (I'm running it via jsfiddle, but it shouldn't mean a thing)
var xhttp = new XMLHttpRequest();
xhttp.open("POST", "http://127.0.0.1:8000/api/v1/company", true);
xhttp.withCredentials = true;
xhttp.setRequestHeader('Content-Type', 'text/plain');
xhttp.send('{description:"This company was added by pure hacking"}');
But I'm getting an error in the console:
Blocked loading mixed active content "http://127.0.0.1:8000/api/v1/company"
The error is not because of SOP, its a mixed content error, that is making an http request on a https page.
jsfiddle defaults to https but allows http, but only on saved fiddles.
Change the url of your fiddle to use http instead of https
I found out that following issue occurs on safari via Javascript, jQuery Ajax:
I make a cors simple request using GET
Server responses with 302
Safari follows redirect but uses OPTIONS instead of GET as method, so it does a preflight request
I would expect that step 3 would also invoke a simple request using GET, which is exactly how it is done in Chrome and Firefox.
The problem is that the server who responses to the request after step 3 can not handle requests with method OPTIONS and therefor fails with status "Method Not Allowed".
Since i have no influence on the server side, i need to force either to not follow the redirect automatically and do it manually instead or somehow tell safari not to switch to OPTIONS.
Is there any way to do one of those options?
I have an HTA aplication, which gets some data using through ajax call. I satrted to use XMLHttpRequest for this. This method was giving me the desired result, but it was coming with a pop up before sending a request as shown here.
So as suggeted in the previous link, i tried using XDomainRequest Object. But this is giving me error on xhr.open() method call; as i think the protocol for HTA application is file:; while XDomainRequest only supports ttp: and https: protocol.
Is there any workaround where i can get data using a cross domain call without intimating user on IE 8.
Thanks.
It's not clear where the requested file is located at.
When it's accessible via HTTP/HTTPS(no matter which domain) you may use WinHTTPRequest
I run a service where there is a javascript file that is called and self executed on a user's site.
This then calls an external server every 10 or so seconds with a bunch of variables.
I used to do this by using a createElement('script') and then setting the path to a file on the external server and passing the required variables across by means of GET variables. (works well for small URI's)
This worked really well and seemed to work cross browser as well with no undesired effects.
The problem I then ran into was when I needed to extend the amount or size of the variables that were being sent across. So obviously I decided to change from GET method to POST, but by doing that I could no longer use the createElement('script') trick and had to opt for the XMLHttpRequest() (ala Ajax - without jQuery) method which worked really well, except for the minor problem of having to also cater for Internet Explorer and Opera which didn't really play ball too well (big shock). So I used the following:
function createCORSRequest(method, url){
var xhr = new XMLHttpRequest();
if ("withCredentials" in xhr){
xhr.open(method, url, true);
} else if (typeof XDomainRequest != "undefined"){
xhr = new XDomainRequest();
xhr.open(method, url);
} else {
xhr = null;
}
return xhr;
}
var request = createCORSRequest("post", "http://xx.xxxx.com/");
if (request){
request.onload = function(){
//do something with request.responseText
};
request.send(myPostObjectDataVariableGoeshere);
}
..which I found over at this page
This is basically just a fallback to using the XDomainRequest() method which InternetExplorer wants you to use instead..
Fantastic, BUT -> Looking in the Console of Developer Tools in IE it says:
SEC7118: XMLHttpRequest for http://xx.xxxx.com/ required Cross Origin Resource Sharing (CORS).
SEC7120: Origin null not found in Access-Control-Allow-Origin header.
SCRIPT7002: XMLHttpRequest: Network Error 0x80070005, Access is denied.
But what's really odd about this is that I've already got the following as the first line in my backend PHP file that is being called (which works for other browsers...)
header('Access-Control-Allow-Origin: *');
Someone please tell me what's wrong here.. Also if there is a better way to be doing this instead of fighting the browser wars..
Note: I cannot use jQuery for this task!
You should try jQuery for this task. Its much easier and don't have that problem with IE.
http://api.jquery.com/jQuery.ajax/
IE unfortunately block Cross Origin requests, i believe there is no simple way to get around it by script only, but you can try tuning the options or via my proxy script.
Tuning the options
Internet Explorer ignores Access-Control-Allow headers and by default prohibits cross-origin access for Internet Zone. To enable CORS go to Tools->Internet Options->Security tab, click on “Custom Level” button. Find the Miscellaneous -> Access data sources across domains setting and select “Enable” option.
Proxy Script on local server as a Bridge
Previous post:
Remote POST request with jQuery and Ajax
This is for you to place a PHP script on a local server and do a local AJAX request and proxy to the remote server for good.