I am developing a LOB web application that runs on the local intranet using AngularJS (v1.4.8). One feature includes calling another intranet LOB web application using CORS/JSON. I was able to make the call and display the result in a near-production environment, but when switching my application from http://servername/... to https://application-dns-entry.intranet.customer.com (SSL!) the feature dies with "Access is denied". Using F12 in IE11 (Fiddler isn't available to me currently because of remote access restrictions) I noticed a difference: my global error handler kicks in even before trying the request.
There is no localhost in play; all sites are in the local intranet zone, so other responses I found aren't really helpful. Is there a rule in IE's security understanding that prevents calling a non-SSL page when being inside an SSL page? Or is there a feature inside AngularJS kicking in?