IE9 CORS and restangular

Question

I'm using restangular with an angularjs app and calling a RESTful API server. However, this is bombing on IE9 and IE10. Are there any work arounds for this?

I've tried the stesps for IE10 here: http://blogs.msdn.com/b/ie/archive/2012/02/09/cors-for-xhr-in-ie10.aspx to no avail.

My angularjs has a url like this: http://portal.mydomain.com and my api server has a url like this: http://api.mydomain.com.

I have confirmed that I get the appropriate headers back in the response:

access-control-allow-origin: http://portal.mydomain.com access-control-allow-credentials: true

However, I keep getting the following: SEC7118: XMLHttpRequest for http://api.mydomain.com/ required Cross Origin Resource Sharing (CORS).

Any help would be greatly appreciated!

Answer 1

You'll need to use a polyfill for IE 9 (google ie cors polyfill). IE 8 and IE 9 don't support "normal" CORS. (Google XdomainRequest for more information.)

For IE 10:

Did you set Access-Control-Allow-Methods and Access-Control-Allow-Headers correctly server-side (you only mention allow-origin and allow-credentials)? If you're using credentials, did you enable that client-side? (RestangularProvider.setDefaultHttpFields({withCredentials: true}))

Is the request one that needs to be pre-flighted? If so, if you manually do an OPTIONS request beforehand with curl or something like that, do you see the correct Access- headers returned by the server? Even if the request technically does not technically need to be pre-flighted, it would be worth checking to see whether IE actually is, and verifying that your backend properly supports OPTIONS requests.

It sounds like you're saying that requests work correctly in non-IE browsers. Is that correct?