I have an expected scenario, where if a client is not authorized to a server resource the server responds with a status code = 401.
I was testing with CORS on IE10. IE10 does not assign the actual response status code (or probably other information) to the XmlHttpRequest after the ajax call completes. According to the W3C specification for XMLHttpRequest Level 2 (http://www.w3.org/TR/XMLHttpRequest2/#infrastructure-for-the-send-method) HTTP status 401 should not be treated as a network error:
"In case of DNS errors, TLS negotiation failure, or other type of network errors, this is a network error. Do not request any kind of end user interaction. This does not include HTTP responses that indicate some type of error, such as HTTP status code 410."
In Chrome and Firefox the expected status code of 401 is correctly set and visible with XmlHttpRequest.status = 401.
In IE 10 on win 8 the status code = 0.
The issue can be reproduced at http://codepen.io/anon/pen/HAbqm and also at http://plnkr.co/edit/E2lCflPDHHaQi7t79IeM?p=preview and at http://codepen.io/anon/pen/bwzcB
This bug was first reported as https://connect.microsoft.com/IE/feedback/details/773478/ie-10-on-win8-does-not-assign-the-correct-httpstatus-to-xmlhttprequest-when-the-result-is-401