SEC7118: XMLHttpRequest CORS - IE Console message

Question

I am using CORS POST request with everything taken care as given @http://www.html5rocks.com/en/tutorials/cors/

Server sets Response header to: \'Access-Control-Allow-Ori

Answer 1

From MSDN:

Security error codes are in the form SEC7xxx [In IE]

Pertaining to SEC7118:

An XMLHttpRequest was made to a domain that was different than your page's domain. This requires the server to return an "Access-Control-Allow-Origin" header in its response headers, but one was not returned.

Note This error code was removed in IE11 on Windows 10. It remains in IE11 for Windows 8.1 and Windows 7.

So it is technically viewed as an error from IE's perspective, but certainly isn't one (hence why it is going away). Access-Control-Allow-Origin is set on a resource, but isn't necessarily sent back with the request. If a specified resource DOESN'T have Access-Control-Allow-Origin:* (or a domain), the resource would not be accessible and the server would likely return a 503 or 404 and you would see a true error message in the console similar to the below:

XMLHttpRequest cannot load http://example.com/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://blog.example.com' is therefore not allowed access.