0
Answer

Error SEC7118; does ajax require CORS?

Sam Hobbs

Sam Hobbs

10y
4.3k
1

I am trying to get JSON from a web site using ajax but I am getting a NetworkError from it. I am using IE 10. The URL works if I put in IE's address bar; it downloads JSON that way. When I use ajax, however, I get the error shown below; the message is from the Script tab of IE's developer tools. Does it mean that CORS is not supported by the server? Does that mean I cannot use ajax?

SEC7118: XMLHttpRequest for {url} required Cross Origin Resource Sharing (CORS).
UsingJSON.html
SEC7127: Redirect was blocked for CORS request.
UsingJSON.html
SCRIPT7002: XMLHttpRequest: Network Error 0x2ef1, Could not complete the operation due to error 00002ef1.
UsingJSON.html

The MSDN says that SEC7118 means "XMLHttpRequest for [URL] required Cross Origin Resource Sharing (CORS)" and I assume that means the server does not support CORS but that is not totally clear to me. I am also not sure if ajax requires CORS.

The web service I am trying to use is undocumented so I cannot check the documentation of it. It is however a very large web site; it is in the top ten of all web sites. I see that an alternative to ajax is JSONP; how do I know if the server supports that?



Update: I found AJAX - Introducing Cross-domain Request (XDR) that says that "cross-domain requests are anonymous, which means that servers cannot easily find out who is requesting data". Since the data is somewhat sensitive, it makes sense that the server does not support CORS for this.