How to disable same origin policy Internet Explorer

Asked 6/1, 2014 at 9:59 Answered 3/4, 2019 at 9:22

Solved internet-explorer same-origin-policy websecurity

Chrome allows us to disable the same origin policy, so we can test cross origin requests. I would like to know if there any possibility to do the same thing in IE

Lull answered 6/1, 2014 at 9:59 Comment(0)

Yes you can set this in Internet Options: Go to the Security tab. For the current zone click the "Custom level..." button. In the next window, scroll about a third of the way down to "Miscellaneous > Access data sources across domains" and set it to "Enable". If the current zone is Internet, then you should add the site to the trusted and set this option for the trusted zone instead.

Note that this will effectively disable CORS and will not set the Origin header in the request.

If the resource your accessing requires authentication, you'll need to deal with this manually in the request or pre-authenticate yourself in your current browser session.

IE9 Access data sources across domains

Nymphet answered 6/1, 2014 at 10:22 Comment(3)

This did not work for me in IE 10... I still cannot access anything from the other page in an iframe or popup. – Giga 7/2, 2014 at 20:27

You also may need to allow 3rd party cookies to allow session support like so: Internet Options -> Privacy -> Advanced -> Third Party Cookies -> Accept. Check "Override automatic cookie handling", "Accept" (Third-party Cookies) and "Always allow session cookies." – Recompense 28/5, 2014 at 9:23

@Giga You need to unselect "Enable Protected Mode". It works for me after I did that. – Nygaard 24/7, 2017 at 20:31

On my computer I am using internet explorer 11 version I also have the same problem. I have done following steps to solve my problem.

Step 1 : Allow Cross domain Access

 (Press) Alt -> Tools -> Internet Options -> Security (Tab) -> 
 Custom Level -> Miscellaneous -> Access data sources across domains ->
 Set to Enable

Step 2: Disable Protected mode

 (Press) Alt -> Tools -> Internet Options -> Security (Tab) -> 
 uncheck Enable Protected mode for Internet & Local Intranet

Step 3: Add localhost/domain to trusted site

 (Press) Alt -> Tools -> Internet Options -> Security (Tab) -> 
 Trusted site -> Sites -> Uncheck Require server verification(https:) -> 
 enter localhost url & click on add button.

Subulate answered 3/4, 2019 at 9:22 Comment(0)

As decribed at https://www.webdavsystem.com/ajax/programming/cross_origin_requests/

In FireFox, Safari, Chrome, Edge and IE 10+:

To enable cross-origin requests in FireFox, Safari, Chrome and IE 10 and later your server must attach the following headers to all responses:

Access-Control-Allow-Origin: http://webdavserver.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: ACL, CANCELUPLOAD, CHECKIN, CHECKOUT, COPY, DELETE, GET, HEAD, LOCK, MKCALENDAR, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, REPORT, SEARCH, UNCHECKOUT, UNLOCK, UPDATE, VERSION-CONTROL
Access-Control-Allow-Headers: Overwrite, Destination, Content-Type, Depth, User-Agent, Translate, Range, Content-Range, Timeout, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control, Location, Lock-Token, If
Access-Control-Expose-Headers: DAV, content-length, Allow

In Internet Explorer 9 and Earlier:

As told at https://mcmap.net/q/40737/-how-to-disable-same-origin-policy-internet-explorer

Paramedical answered 1/8, 2016 at 11:51 Comment(1)

That's how to implement it on the server, not how to disable on the client. – Austriahungary 6/4, 2018 at 6:24

Recommended topics

Hot tags