IE throwing Error on regular ajax request


I have an issue with a Facebook Page Tab I have built.

The website functions perfectly fine in Chrome and Firefox but I have an issue when I try to do something simple in IE.


What I am trying to do is make a simple ajax request from my server BASE URL to my server again on REQ URL, In Chrome or Firefox I get the expected result, IE however I get a couple of errors and warnings.

Warnings are as follows (without sensitive domain information)

SEC7118: XMLHttpRequest for required Cross Origin Resource Sharing (CORS).

SEC7119: XMLHttpRequest for required CORS preflight. 

Errors are as follows

SEC7120: Origin not found in Access-Control-Allow-Origin header.

SCRIPT7002: XMLHttpRequest: Network Error 0x80070005, Access is denied.

I have done a lot of research on these errors and I know that they are related to Cross Origin Control and making requests from one domain that does not match another. The strange thing is though that both my domains are the same so CORS should not apply. I can't figure out what I'm missing. I have read at least 20 articles on stack overflow with none of them able to address my problem exactly.

The /request/ in the REQ_URL is a method that gets called from a controller, all I need is for this method to be called there is nothing special about it, it's a simple PHP function.

function request() {
    return 'you win!';

The ajax is using jQuery to make the request specificly the $.get method this is my code:

$.get('/request', function(response){

I get no response.

I have also tried this with $.ajax and calling the complete method I get a text status type returned of 'error' I expect this to be the result of the error above.

I have read and understand the articles as follows:

Cross-origin resource sharing Same-origin policy

According to the Same-origin policy I shouldn't be bound to CORS and my get request should just work or am I missing something.

Any help is appreciated.


I have identified that the above errors occur only when inside facebook (Facebook Page Tab) this "I think" is a result of the iframe being from the domain "" and my domain "" This breaks the Same-origin policy rule. Very annoying because when the ajax calls are made they are sent from "" to "" there in I am getting Cross-origin policy errors.

I still don't know how to fix this problem.

asked on Stack Overflow Aug 14, 2013 by Daniel Tate • edited Jan 8, 2020 by sideshowbarker

1 Answer


Not many up votes, Not many views.

I found the issue, and the solution.

For my particular case I was using sessions to handle information on the server side, what was happening was the session was not persisting in IE witch was causing some of my other code to redirect he ajax request to another domain ( resulting in the cross domain request error you see above.

The Solution:

I found out that IE doesn't like to pass sessions around through ajax but you can tell it that it would be a good idea do follow suit to the other modern browsers and that was as simple as adding a P3P header.

Add this to your code before sending a request and the session variables should be sent in the requests.

  header('P3P:  CP="IDC  DSP  COR  ADM  DEVi  TAIi  PSA  PSD  IVAi  IVDi  CONi  HIS  OUR  IND  CNT"');

I ended up rewriting my application without so many dependicies on the sessions but this was definatly a good learning point about IE and how it handels sessions through ajax.

answered on Stack Overflow Aug 26, 2013 by Daniel Tate

User contributions licensed under CC BY-SA 3.0