Has anyone successfully managed to request local resources via AJAX in IE over SSL without encountering an "access denied" error?
In a nutshell:
I'm using AJAX to fetch JSON from a local web service that is encrypted when served over HTTPS to avoid any security warnings. The remote site, mysite.com, is receiving information from https://localhost/.
The CORS headers are correctly set up and everything works smoothly in Chrome and Firefox. However, in IE, while typing https://localhost directly into the address bar works fine, making an AJAX request triggers a security setting that denies access. This issue is discussed in part here:
Access denied in IE 10 and 11 when ajax target is localhost
The suggested solution is adding the requesting domain (mysite.com) to trusted sites. While this fix works, we prefer not requiring user intervention. Referring users to a knowledge base article on how to do this isn't an ideal user experience. Other suggestions mentioned for resolving this issue have their limitations.
Further research led me to:
CORS with IE, XMLHttpRequest and ssl (https)
This thread proposed a wrapper for AJAX requests in IE, but it's now obsolete as IE11 deprecated the XDomainRequest API. Trying to bypass this limitation by adding a void onProgress handler to the XDR object is no longer viable.
So, has anyone encountered:
a) A workaround to allow these requests without altering trusted sites in IE? An updated version of the workaround from the second link perhaps?
b) Alternatively, a method to prompt users to add the site to their trusted zone? Imagine a message like "mysite.com wants to be added to your trusted zones. Confirm Yes/No" allowing users to grant permission without manually adjusting settings?