Last Updated: October 11, 2016
· resonance1584

IE8 XDomainRequest CORS headers must be set for same origin request

XDomainRequest is the only way to fetch data asynchronously in javascript from another domain in IE8 and 9.

It's super finicky and will call the .onerror method if anything goes wrong. There is no way to know why the onerror method was called.

When requesting a resource on the same domain other browsers don't require Access-Control-Allow-Origin:* to be set.

XDomainRequest will call onerror if this header is not set - even though it is technically not CORS. XDomainRequest expects that it will only be used for CORS and not same origin requests.