5

Really puzzled by this bug. All versions of IE, even those that support CORS, are throwing "permission denied" errors when I try to make a cross-domain PATCH request (using jQuery.ajax). All other methods (even PUT) work correctly, but PATCH triggers an immediate error on the send() call.

Considering later versions of IE support CORS, and supposedly support all method types, is there some reason why CORS + PATCH would result in an error?

(And yes, Access-Control-Allow-Methods is set to GET, POST, DELETE, PATCH, PUT, OPTIONS so I don't think that's the issue.)

sideshowbarker
  • 81,827
  • 26
  • 193
  • 197
Matt Diamond
  • 11,646
  • 5
  • 29
  • 36

1 Answers1

0

IE requires a P3P policy header in order for CORS to work properly. Try this:

Quick Solution Attempt

Make sure this is found in the header sent from the server:

P3P: CP="NON DSP LAW CUR ADM DEV TAI PSA PSD HIS OUR DEL IND UNI PUR COM NAV INT DEM CNT STA POL HEA PRE LOC IVD SAM IVA OTC"

Not-so-quick Solution

Read this article: Craft a P3P policy to make IE behave

Per Kristian
  • 785
  • 8
  • 10