Cisco AnyConnect VPN Client May Block CORS AJAX OPTIONS Requests
Posted December 5, 2013 at 9:17 AM by Ben Nadel
For the last few months, I've needed to connect to a remote desktop session using a VPN (Virtual Private Network) client. The one that I was told to use was Cisco's AnyConnect VPN. This works well; but, a few weeks ago, I noticed that all of my CORS (Cross-Origin Resource Sharing) preflight "OPTIONS" requests were failing. Both Firefox and Chrome simply stated that the request was "Aborted"; cURL (curl) reported that the server returned an empty response. After much digging, I discovered that the cause of this CORS failure was the Cisco AnyConnect VPN.
Whenever I made my CORS preflight OPTIONS request, I noticed a number of items showing up in my iMac's console (console.app). All of the items were associated with the process, "acwebsecagent". After much Twitter venting, and some Googling, I came across this Apple Support forum thread, which indicated that the "acwebsecagent" process may be associated with the Cisco AnyConnect VPN.
So, this morning, I uninstalled the Cisco AnyConnect VPN and tried my CORS preflight OPTIONS requests. And, lo and behold, it worked! It was the VPN that was blocking and aborting the CORS AJAX requests.
Once I had narrowed down the culprit, I then reinstalled the Cisco AnyConnect VPN client; but, this time, I made sure not to install the "Web Security" module:
| || || |
| || |
| || || |
Now, I have the Cisco AnyConnect VPN installed and my CORS preflight OPTIONS requests are still working. Frustrating, but glad to have it solved!
- Wanted: Full-Time ColdFusion Developer at Intoria Internet Architects
- Cold Fusion Senior Developer at Edge Information Management
- Back-End Web Developer-Information Technologist at Michigan State University
- ColdFusion Developer at Nonfat Media
- Mid-to-Senior Level Web Application Developer at SiteVision, Inc.
Confirm.I have the same problem and it works for me. Thanks a lot!!
Oh that's awesome to hear!
Thank you so much! This was affecting me for a couple of days now. I had to work my way down the google search results until I finally got to this link. You're a life saver.
Great blog BTW. I too develop SPA apps and have been on AngularJS for about a year. Your posts have helped me out from time to time in the past. Keep up the good work!
Glad I could help! This was driving me nuts! Hopefully I'll get some more AngularJS posts outer there. Been slow (too much work) lately.
If you're using a VPN for this sort of stuff, you'd be not be wise enough to use one which doesn't know your identity. I know of at least one where you can pay with Bitcoins and never give out your name. In my opinion, that's perfect! http://www.sunvpn.net/ Its very easy to use.Its very cheap.It's much better than proxy websites because it contains less amount of virus than proxy website. A VPN service will encrypt all your Internet traffic and redirect through a VPN server to its original intended destination. When connected to SunVPN we will bypass all local Internet restrictions, keep our browsing history private from our ISP or company and hide our actual location (IP address) from the websites you visit.
I am not sure I understand what you're talking about with BitCoin. Do people have to pay for VPN? That seems odd.