Microsoft Edge blocked cross-domain requests sent to IPs in same private network CIDR

by

From Understanding Enhanced Protected Mode

Private Network resources

Because EPM does not declare the privateNetworkClientServer capability, your Intranet resources are protected from many types of cross-zone attacks (usually called “Cross-Site-Request-Forgery (CSRF)” and “Intranet Port Scanning.”) Internet pages are not able to frame Intranet pages, load images or resources from them, send them CORS XHR requests, etc.

All of the above seems to apply to MS Edge. The only thing Edge is lacking (at least at this point, v20.10240) is the security zone settings.

My issue wasn’t with the XMLHttpRequest but rather with trying to load an intranet page in an iframe inside the internet page. The workaround involved chanding my network setup – see https://stackoverflow.com/a/32828629

More Related Contents:

  1. Origin is not allowed by Access-Control-Allow-Origin
  2. No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘…’ is therefore not allowed access
  3. Why am I seeing an “origin is not allowed by Access-Control-Allow-Origin” error here? [duplicate]
  4. Why am I seeing an “origin is not allowed by Access-Control-Allow-Origin” error here? [duplicate]
  5. How to Detect Cross Origin (CORS) Error vs. Other Types of Errors for XMLHttpRequest() in Javascript
  6. XMLHttpRequest: Network Error 0x80070005, Access is denied on Microsoft Edge (but not IE)
  7. How can I upload files asynchronously with jQuery?
  8. jQuery XML error ‘ No ‘Access-Control-Allow-Origin’ header is present on the requested resource.’
  9. HTTP HEAD Request in Javascript/Ajax?
  10. Prevent redirection of Xmlhttprequest
  11. CORS error on same domain?
  12. Understanding AJAX CORS and security considerations
  13. Why does the preflight OPTIONS request of an authenticated CORS request work in Chrome but not Firefox?
  14. CORS request not working in Safari
  15. How to intercept all http requests including form submits
  16. Show a progress bar for downloading files using XHR2/AJAX
  17. How to get response url in XMLHttpRequest?
  18. Fetch API vs XMLHttpRequest
  19. AJAX File Upload with XMLHttpRequest
  20. Cross Domain Resource Sharing GET: ‘refused to get unsafe header “etag”‘ from Response
  21. What’s to stop malicious code from spoofing the “Origin” header to exploit CORS?
  22. How to allow CORS in react.js?
  23. loading json data from local file into React JS
  24. XMLHttpRequest (Ajax) Error
  25. Cross-site XMLHttpRequest
  26. Solve Cross Origin Resource Sharing with Flask
  27. Cross-Origin XMLHttpRequest in chrome extensions
  28. Opinion about synchronous requests in web workers
  29. Intercept XMLHttpRequest and modify responseText
  30. XmlHttpRequest.responseText while loading (readyState==3) in Chrome

Leave a Comment