Internet Explorer 11 does not add the Origin header on a CORS request?

by

Internet Explorer’s definition of the “same origin” differs to the other browsers. See the IE Exceptions section of the MDN documentation on the same-origin policy:

Internet Explorer has two major exceptions when it comes to same origin policy:

  • Trust Zones: if both domains are in highly trusted zone e.g, corporate domains, then the same origin limitations are not applied
  • Port: IE doesn’t include port into Same Origin components, therefore http://company.com:81/index.html and http://company.com/index.html are considered from same origin and no restrictions are applied.

Therefore if your cross-origin request occurs across different ports, or within one of IE’s trusted zones, IE will not treat the request as cross-origin and will see no need to add the Origin: header.

More Related Contents:

  1. Origin is not allowed by Access-Control-Allow-Origin
  2. Access-Control-Allow-Origin Multiple Origin Domains?
  3. IE9 blocks download of cross-origin web font
  4. Why am I seeing an “origin is not allowed by Access-Control-Allow-Origin” error here? [duplicate]
  5. Animated GIF in IE stopping
  6. CORS error on same domain?
  7. Firefox ‘Cross-Origin Request Blocked’ despite headers [closed]
  8. Understanding AJAX CORS and security considerations
  9. What are the integrity and crossorigin attributes?
  10. Understanding XMLHttpRequest over CORS (responseText)
  11. Cross-browser testing: All major browsers on ONE machine
  12. Internet Explorer ignores cookies on some domains (cannot read or set cookies)
  13. CORS support for PUT and DELETE with ASP.NET Web API
  14. CORS request not working in Safari
  15. ‘No Transport’ Error w/ jQuery ajax call in IE
  16. Canvas tainted by cross-origin data
  17. Disable cross domain web security in Firefox
  18. IE prompts to open or save json result from server
  19. How to Detect Cross Origin (CORS) Error vs. Other Types of Errors for XMLHttpRequest() in Javascript
  20. CSS3 PIE – Giving IE border-radius support not working?
  21. How to disable same origin policy Internet Explorer
  22. Enable CORS in Golang
  23. Program Download – IE CHROME – “is not commonly downloaded and could be dangerous.”
  24. How long of a URL can Internet Explorer 9 take?
  25. CORS request is preflighted, but it seems like it should not be
  26. Difference between “Browser Mode” and “Document Mode” in Internet Explorer
  27. Windows Phone 7 Browser – Turn off the gray shading when links are clicked
  28. postMessage still broken on IE11?
  29. XMLHttpRequest: Network Error 0x80070005, Access is denied on Microsoft Edge (but not IE)
  30. Which X-UA-Compatible takes precedence? Http-header or Meta-tags?

Leave a Comment