How to disable same origin policy Internet Explorer

40
votes

Chrome allows us to disable the same origin policy, so we can test cross origin requests. I would like to know if there any possibility to do the same thing in IE

3
internet-explorersame-origin-policywebsecurity

3 Answers

77
votes

Yes you can set this in Internet Options: Go to the Security tab. For the current zone click the "Custom level..." button. In the next window, scroll about a third of the way down to "Miscellaneous > Access data sources across domains" and set it to "Enable". If the current zone is Internet, then you should add the site to the trusted and set this option for the trusted zone instead.

Note that this will effectively disable CORS and will not set the Origin header in the request.

If the resource your accessing requires authentication, you'll need to deal with this manually in the request or pre-authenticate yourself in your current browser session.

IE9 Access data sources across domains

6
votes

On my computer I am using internet explorer 11 version I also have the same problem. I have done following steps to solve my problem.

Step 1 : Allow Cross domain Access 

 (Press) Alt -> Tools -> Internet Options -> Security (Tab) -> 
 Custom Level -> Miscellaneous -> Access data sources across domains ->
 Set to Enable

Step 2: Disable Protected mode

 (Press) Alt -> Tools -> Internet Options -> Security (Tab) -> 
 uncheck Enable Protected mode for Internet & Local Intranet

Step 3: Add localhost/domain to trusted site

 (Press) Alt -> Tools -> Internet Options -> Security (Tab) -> 
 Trusted site -> Sites -> Uncheck Require server verification(https:) -> 
 enter localhost url & click on add button.
0
votes

As decribed at https://www.webdavsystem.com/ajax/programming/cross_origin_requests/

In FireFox, Safari, Chrome, Edge and IE 10+:

To enable cross-origin requests in FireFox, Safari, Chrome and IE 10 and later your server must attach the following headers to all responses:

Access-Control-Allow-Origin: http://webdavserver.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: ACL, CANCELUPLOAD, CHECKIN, CHECKOUT, COPY, DELETE, GET, HEAD, LOCK, MKCALENDAR, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, REPORT, SEARCH, UNCHECKOUT, UNLOCK, UPDATE, VERSION-CONTROL
Access-Control-Allow-Headers: Overwrite, Destination, Content-Type, Depth, User-Agent, Translate, Range, Content-Range, Timeout, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control, Location, Lock-Token, If
Access-Control-Expose-Headers: DAV, content-length, Allow

In Internet Explorer 9 and Earlier:

As told at https://stackoverflow.com/a/20947828/5035343