Can't post data via AJAX calls in IE10 in pages present inside iframe - by Raghav Khunger

Status : 

  By Design<br /><br />
		The product team believes this item works according to its intended design.<br /><br />
		A more detailed explanation for the resolution of this particular item may have been provided in the comments section.

ID 790055 Comments
Status Closed Workarounds
Type Bug Repros 7
Opened 6/13/2013 12:34:03 AM
Access Restriction Public


I have an index page default.aspx at following URL say http://myappdomain/ with the following code:

            <form id="form1">
            <iframe id="Frame1" src="/virtualdirectory"  
    sandbox="allow-same-origin allow-scripts allow-popups allow-forms"  >

and at the following URL "http://myappdomain/virtualdirectory" I have my main application with pages making ajax calls (doing post say $.post) etc. The issue I am having is that the pages which are opened inside iframe present on http://myappdomain/default.aspx can't POST data via ajax calls to the server in IE10, I can do the same in FF and Chrome. Is this a known issue or what? I tried removing this line too from iframe " sandbox="allow-same-origin allow-scripts allow-popups allow-forms" but no success, I can't do ajax calls to server inside the pages coming in iframe. Note: I am already having the same domains. I also read the following link "IFRAME sandbox attribute is blocking AJAX calls" but I didn't get the pointers to fix my issue. Is there any setting in IE10 browser which I have to enable to make the ajax calls working?

EDIT: I have tested the same stuff in IE8, IE9 and Safari too and it is working. So this issue exists in IE10 only. I just want to add one more thing here I tested all the cases in IE with "Standard mode" i.e no Compatibility or Quirks mode. For all the cases my OS was Windows 7.
Sign in to post a comment.
Posted by AmiKlein on 6/24/2013 at 2:08 AM
Currently all AJAX POST actions aren't working in IE10 (Win 8) via jQuery as well (not just iFrames).
You can't say this is by design when all other browsers support AJAX POST within the same domain (not a cross domain POST).
BTW, asking to change settings in IE10 is "no can do" - we can't ask all of our clients to change settings.

I've also read that there might a linkage to Download Managers - was this identified as the cause by the IE team?
Posted by Raghav Khunger on 6/15/2013 at 1:31 AM
Can you explain "as by design" term in detail regarding my question? What is "as by design"? Not to allow user to post data via AJAX inside the pages in iframe in IE10, is that so?
Posted by Raghav Khunger on 6/15/2013 at 1:26 AM
I noticed the status of this ticket has been set as "Closed, as by design". This means there is no way to post data via AJAX inside the pages in iframe in IE10? Is this a limitation of IE10?
Posted by Raghav Khunger on 6/14/2013 at 1:41 PM
You will see POST data will not be sent to server. You can check the same with Fiddler.
Posted by Raghav Khunger on 6/14/2013 at 1:41 PM
Steps are simple:
1. Open any page inside the iframe
2. Do AJAX POST request to server
Posted by Microsoft on 6/14/2013 at 11:50 AM
Thank you for your feedback.

IE10 does allow for Sandbox within an IFrame but the Allow-Script flag is limited to Javascript. If you would like to provide some of the code that is not running, we can evaluate whether IE10 will run it within this sandboxed space. Your sandbox call within the IFrame tag is coded correctly and all the flags you are using are valid. So the issue is whether or not the IE10 security will give the scripting permission.

Best regards,

The Internet Explorer Team
Posted by Raghav Khunger on 6/14/2013 at 9:44 AM
"Trusted sites" solution is not working. The behavior is same.
Posted by ashokgates on 6/14/2013 at 2:55 AM
Did many research on this but iframe both with or without sandbox could not solve this issue. Yahoo, Google kind of sites have implemented frame breaker code, which prevents the site from being loaded in iframes and it would show appropriate message in the browser. But, CF has HTML 5 objects and AJax calls, which is being prevented by IE 10 due to security reasons. But, there were no clue on this behaviour.

The word "Security" gave me an idea. I just thought what if i add the CF site in IE's Trusted sites list and did the same to see the result. To my Great Surprise, this gives the solution for this problem and now without any sandbox settings, CF pages gets loaded in iframe in IE 10 as it use to work in IE 9.

Good at least we have some solution for this critical issue.
Posted by Tim Eisenhauer on 6/13/2013 at 11:22 AM
I'm experiencing the same thing.