Ben Nadel
On User Experience (UX) Design, JavaScript, ColdFusion, Node.js, Life, and Love.
I am the chief technical officer at InVision App, Inc - a prototyping and collaboration platform for designers, built by designers. I also rock out in JavaScript and ColdFusion 24x7.
Meanwhile on Twitter
Loading latest tweet...
Ben Nadel at Scotch On The Rock (SOTR) 2010 (London) with: Guust Nieuwenhuis

Cisco AnyConnect VPN Client May Block CORS AJAX OPTIONS Requests

By Ben Nadel on

For the last few months, I've needed to connect to a remote desktop session using a VPN (Virtual Private Network) client. The one that I was told to use was Cisco's AnyConnect VPN. This works well; but, a few weeks ago, I noticed that all of my CORS (Cross-Origin Resource Sharing) preflight "OPTIONS" requests were failing. Both Firefox and Chrome simply stated that the request was "Aborted"; cURL (curl) reported that the server returned an empty response. After much digging, I discovered that the cause of this CORS failure was the Cisco AnyConnect VPN.

Whenever I made my CORS preflight OPTIONS request, I noticed a number of items showing up in my iMac's console (console.app). All of the items were associated with the process, "acwebsecagent". After much Twitter venting, and some Googling, I came across this Apple Support forum thread, which indicated that the "acwebsecagent" process may be associated with the Cisco AnyConnect VPN.

So, this morning, I uninstalled the Cisco AnyConnect VPN and tried my CORS preflight OPTIONS requests. And, lo and behold, it worked! It was the VPN that was blocking and aborting the CORS AJAX requests.

Once I had narrowed down the culprit, I then reinstalled the Cisco AnyConnect VPN client; but, this time, I made sure not to install the "Web Security" module:


 
 
 

 
Cisco AnyConnect VPN will block CORS preflight OPTIONS requests if the Web Security module is installed.  
 
 
 

Now, I have the Cisco AnyConnect VPN installed and my CORS preflight OPTIONS requests are still working. Frustrating, but glad to have it solved!



Reader Comments

Thank you so much! This was affecting me for a couple of days now. I had to work my way down the google search results until I finally got to this link. You're a life saver.

Great blog BTW. I too develop SPA apps and have been on AngularJS for about a year. Your posts have helped me out from time to time in the past. Keep up the good work!

Reply to this Comment

@Omar,

Glad I could help! This was driving me nuts! Hopefully I'll get some more AngularJS posts outer there. Been slow (too much work) lately.

Reply to this Comment

If you're using a VPN for this sort of stuff, you'd be not be wise enough to use one which doesn't know your identity. I know of at least one where you can pay with Bitcoins and never give out your name. In my opinion, that's perfect! http://www.sunvpn.net/ Its very easy to use.Its very cheap.It's much better than proxy websites because it contains less amount of virus than proxy website. A VPN service will encrypt all your Internet traffic and redirect through a VPN server to its original intended destination. When connected to SunVPN we will bypass all local Internet restrictions, keep our browsing history private from our ISP or company and hide our actual location (IP address) from the websites you visit.

Reply to this Comment

@Jazmine,

I am not sure I understand what you're talking about with BitCoin. Do people have to pay for VPN? That seems odd.

Reply to this Comment

Post A Comment

?
You — Get Out Of My Dreams, Get Into My Comments
Live in the Now
Oops!
Comment Etiquette: Please do not post spam. Please keep the comments on-topic. Please do not post unrelated questions or large chunks of code. And, above all, please be nice to each other - we're trying to have a good conversation here.