This is a migrated thread and some comments may be shown as answers.

How is Fiddler 'fixing' a CORS error in MS Edge?

5 Answers 304 Views
Windows
This is a migrated thread and some comments may be shown as answers.
Jerome
Top achievements
Rank 1
Jerome asked on 03 Feb 2016, 05:06 PM

I'm using jQuery to send cross origin ajax requests and they're working fine in IE11, Chrome and Firefox but they fail in Edge with the following error:

SCRIPT7002: XMLHttpRequest: Network Error 0x80070005, Access is denied.

What's interesting is that I used Fiddler to try to figure out what was going on and when Fiddler is running and capturing requests everything works fine. As soon as I close Fiddler or pause capture it fails again.

I always thought that Fiddler was essentially transparent, with no side effects on client or server, but I guess something different in terms of what the browser receives while Fiddler is running.

5 Answers, 1 is accepted

Sort by
0
Accepted
EricLaw
Top achievements
Rank 1
answered on 04 Feb 2016, 04:32 PM

There are a few possibilities; without exact details of your configuration, we're just shooting in the dark.

One possibility is that your computer is configured with an Intranet zone and that Intranet zone is dependent on a proxy configuration script: http://blogs.msdn.com/b/ieinternals/archive/2012/06/05/the-local-intranet-security-zone.aspx. When Fiddler is running, the proxy settings are pointed at Fiddler itself.

 

0
Jerome
Top achievements
Rank 1
answered on 04 Feb 2016, 04:56 PM

Brilliant, thanks Eric, that was it.

 I guess if I crank the Local intranet zone up to Medium-High to match the Internet zone then I can use Fiddler to help me work out what Edge is getting upset about.

0
EricLaw
Top achievements
Rank 1
answered on 04 Feb 2016, 08:15 PM

Ah, right, there's another factor at work here if you're using an Intranet site as the target of an XHR from a site in the Internet zone.

Edge runs in Enhanced Protected Mode (AppContainer). That has a feature which blocks access to Private Network Resources from Internet-Zone processes. See the "Private Network resources" section of http://blogs.msdn.com/b/ieinternals/archive/2012/03/23/understanding-ie10-enhanced-protected-mode-network-security-addons-cookies-metro-desktop.aspx for more details.

 

0
Jerome
Top achievements
Rank 1
answered on 08 Feb 2016, 02:59 PM

Thanks Eric, I'd forgotten that I had added Edge to the AppContainer Loopback Exemption Utility.

 My hosts file has two entries:

web.app.test 127.0.0.1
api.app.test 192.168.0.111

So the SPA is served from web.app.test which is making ajax calls to api.app.test (this is so I can share an authentication cookie across subdomains).

If I add web.app.test to the Local Intranet zone then Edge is happy, without the need to use Fiddler to get around the issue. It's all a bit horrible but as it shouldn't be a problem in production I've resolved not to worry about it.

Thanks again for all your help with this and for the brilliant and irreplaceable Fiddler. 

0
Vindhya
Top achievements
Rank 1
answered on 17 Apr 2019, 09:02 PM
Thanks to this discussion, I could figure out whats going on in my Recat-windowsAuth-asp.net app running on localhost trying to access APIs hosted in intranet. Thanks for all the insight.
Tags
Windows
Asked by
Jerome
Top achievements
Rank 1
Answers by
EricLaw
Top achievements
Rank 1
Jerome
Top achievements
Rank 1
Vindhya
Top achievements
Rank 1
Share this question
or