Wednesday 26 April 2017

CORS origin header is incomplete in Internet Explorer 10 when compared with Chrome and Firefox

I have a Node web server running on a server. The Node server sets 'Access control' in the response header to a specific website, to allow only that website to access the resources served by my Node server:

header["Access-Control-Allow-Origin"] = "https://www.mywebsite.com";

In mywebsite.com, when calls are made to get resources from the Node server, the requests work fine since they are coming from the authorized website. I tested this on Chrome and Firefox. When I tried the same thing using IE10, the resources were not served OK.

When looking at the request and response headers for IE 10, I noticed that the 'origin' is not filled in correctly, while it was filled in OK using Firefox and Chrome.

Here is the Chrome header: [image: Chrome header values]

While the IE 10 header was: [image: Internet Explorer header values for same get request]

On IE 10, the origin is filled with 'blob://', while on Chrome and Firefox the origin website domain is listed correctly, allowing CORS to work properly.

The resources served by the Node server are mbtiles with .pbf, which are binary streams.

Any idea why IE10 seems to put an incorrect origin in the request header? And maybe a workaround or solution for it?

Thanks



via Noury
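
An added example, not part of the original post or the poster's server code: a server-side Origin check that keeps the exact-match allow-list from the question and records why every other Origin value is refused, so a value such as the 'blob://' seen from IE 10 is visible in server logs instead of only in browser tools. The function names, reason strings and sample requests are constructed for illustration.

```javascript
// Added example: exact-match Origin allow-list with a reason for every rejection.
// The allowed origin is the value from the post; everything else is constructed.
const ALLOWED_ORIGINS = new Set(["https://www.mywebsite.com"]);

// Decide the CORS response headers for one request's Origin header value.
function corsDecision(originHeader) {
  if (originHeader === undefined || originHeader === "") {
    // No Origin header: not a cross-origin browser request, send no CORS headers.
    return { allowed: false, reason: "no-origin-header", headers: {} };
  }
  if (ALLOWED_ORIGINS.has(originHeader)) {
    // Echo only an origin that matched exactly; Vary keeps caches from
    // serving this response to a different origin.
    return {
      allowed: true,
      reason: "allow-listed",
      headers: { "Access-Control-Allow-Origin": originHeader, Vary: "Origin" },
    };
  }
  // Classify the mismatch so the log says what the browser actually sent.
  const scheme = /^([a-z][a-z0-9+.-]*):/i.exec(originHeader);
  let reason;
  if (!scheme) reason = "opaque-or-malformed";
  else if (!/^https?$/i.test(scheme[1])) reason = "non-http-scheme:" + scheme[1].toLowerCase();
  else reason = "not-allow-listed";
  // No Access-Control-Allow-Origin is sent, so the browser blocks the read.
  return { allowed: false, reason, headers: { Vary: "Origin" } };
}

// Turn a batch of requests into one log line per refused Origin.
function auditOrigins(requests) {
  return requests
    .map((r) => ({ client: r.client, origin: r.origin, ...corsDecision(r.origin) }))
    .filter((d) => !d.allowed)
    .map((d) => `${d.client}: Origin=${JSON.stringify(d.origin)} rejected (${d.reason})`);
}

// Constructed sample requests mirroring the behaviour described in the post.
const SAMPLE_REQUESTS = [
  { client: "Chrome", origin: "https://www.mywebsite.com" },
  { client: "IE 10", origin: "blob://" },
  { client: "Chrome", origin: "https://other.example" },
];

console.log(auditOrigins(SAMPLE_REQUESTS).join("\n"));
```

The check does not change what IE 10 sends; it only makes the mismatch between the sent Origin and the allow-list explicit on the server side.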
