How is Fiddler 'fixing' a CORS error in MS Edge?

5 posts, 1 answers
  1. Jerome
    3 posts
    Member since:
    May 2014

    Posted 03 Feb

    I'm using jQuery to send cross origin ajax requests and they're working fine in IE11, Chrome and Firefox but they fail in Edge with the following error:

    SCRIPT7002: XMLHttpRequest: Network Error 0x80070005, Access is denied.

    What's interesting is that I used Fiddler to try to figure out what was going on and when Fiddler is running and capturing requests everything works fine. As soon as I close Fiddler or pause capture it fails again.

    I always thought that Fiddler was essentially transparent, with no side effects on client or server, but I guess something is different in terms of what the browser receives while Fiddler is running.

  2. Answer
    EricLaw
    67 posts
    Member since:
    Oct 2012

    Posted 04 Feb in reply to Jerome

    There are a few possibilities; without exact details of your configuration, we're just shooting in the dark.

    One possibility is that your computer is configured with an Intranet zone and that Intranet zone is dependent on a proxy configuration script: http://blogs.msdn.com/b/ieinternals/archive/2012/06/05/the-local-intranet-security-zone.aspx. When Fiddler is running, the proxy settings are pointed at Fiddler itself.

  3. Jerome
    3 posts
    Member since:
    May 2014

    Posted 04 Feb in reply to EricLaw

    Brilliant, thanks Eric, that was it.

     I guess if I crank the Local intranet zone up to Medium-High to match the Internet zone then I can use Fiddler to help me work out what Edge is getting upset about.

  4. EricLaw
    67 posts
    Member since:
    Oct 2012

    Posted 04 Feb in reply to Jerome

    Ah, right, there's another factor at work here if you're using an Intranet site as the target of an XHR from a site in the Internet zone.

    Edge runs in Enhanced Protected Mode (AppContainer). That has a feature which blocks access to Private Network Resources from Internet-Zone processes. See the "Private Network resources" section of http://blogs.msdn.com/b/ieinternals/archive/2012/03/23/understanding-ie10-enhanced-protected-mode-network-security-addons-cookies-metro-desktop.aspx for more details.

  5. Jerome
    3 posts
    Member since:
    May 2014

    Posted 08 Feb in reply to EricLaw

    Thanks Eric, I'd forgotten that I had added Edge to the AppContainer Loopback Exemption Utility.

     My hosts file has two entries:

    web.app.test 127.0.0.1
    api.app.test 192.168.0.111

    So the SPA is served from web.app.test which is making ajax calls to api.app.test (this is so I can share an authentication cookie across subdomains).

    If I add web.app.test to the Local Intranet zone then Edge is happy, without the need to use Fiddler to get around the issue. It's all a bit horrible but as it shouldn't be a problem in production I've resolved not to worry about it.

    Thanks again for all your help with this and for the brilliant and irreplaceable Fiddler. 
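
A small triage helper for the setup discussed in this thread, added here as an example and not part of any post: it parses hosts-file text and reports whether a page outside the Local intranet zone is calling an API that resolves to a private-range address. The function names, the `intranet_sites` parameter, and the use of Python's `is_private` ranges as a stand-in for what Windows treats as a Private Network resource are assumptions.

```python
import ipaddress

# Constructed sample: the thread's two host names and addresses, written in
# the hosts file's address-first order.
SAMPLE_HOSTS = """\
# dev mappings
127.0.0.1      web.app.test
192.168.0.111  api.app.test
"""

def parse_hosts(text):
    """Map each host name in hosts-file text to an ip_address object."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address-first line; skip it
        for name in fields[1:]:
            table.setdefault(name.lower(), addr)  # first mapping wins
    return table

def address_class(addr):
    """Classify an address; loopback is tested first because it is also 'private'."""
    if addr.is_loopback:
        return "loopback"
    if addr.is_private:
        return "private"
    return "public"

def check_xhr(page_host, api_host, hosts, intranet_sites=()):
    """Return (page_zone, target_class, block_expected) for a page -> API call.

    Assumptions: a page is in the Internet zone unless it is listed in
    intranet_sites (proxy scripts and other zone rules are not modelled), and
    a private-range target stands in for a Private Network resource.
    """
    listed = {site.lower() for site in intranet_sites}
    zone = "intranet" if page_host.lower() in listed else "internet"
    target = address_class(hosts[api_host.lower()])
    return zone, target, zone == "internet" and target == "private"
```
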
