From 1b6cf934746c21623ce7372962e53cb0bcfefd81 Mon Sep 17 00:00:00 2001
From: Chris Adams <chris@improbable.org>
Date: Thu, 29 Aug 2013 16:13:13 -0400
Subject: [PATCH] Graceful handling of IE cross-domain AJAX failures

Prior to IE 10, XmlHttpRequest cannot be used for requests to a
different origin even when the target URL's CORS headers would allow
access (see http://caniuse.com/#feat=cors).

This is easy to miss in testing if you use a single origin during
testing but have a CDN or domain-sharding for production and will break
the error handler function passed to makeAjaxRequest() if that code
assumes it can access properties on the request object.

This adds a more informative pointer to Microsoft's documentation when a
security exception is raised.
---
 src/openseadragon.js | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/src/openseadragon.js b/src/openseadragon.js
index e5913772..e2743779 100644
--- a/src/openseadragon.js
+++ b/src/openseadragon.js
@@ -1345,7 +1345,25 @@ window.OpenSeadragon = window.OpenSeadragon || function( options ){
                 request.open( "GET", url, true );
                 request.send( null );
             } catch (e) {
-                $.console.log( "%s while making AJAX request: %s", e.name, e.message );
+                var msg = e.message;
+
+                /*
+                    IE < 10 does not support CORS and an XHR request to a different origin will fail as soon
+                    as send() is called. This is particularly easy to miss during development and appear in
+                    production if you use a CDN or domain sharding and the security policy is likely to break
+                    exception handlers since any attempt to access a property of the request object will
+                    raise an access denied TypeError inside the catch block.
+
+                    To be friendlier, we'll check for this specific error and add a documentation pointer
+                    to point developers in the right direction. We test the exception number because IE's
+                    error messages are localized.
+                */
+                var oldIE = $.Browser.vendor == $.BROWSERS.IE && $.Browser.version < 10;
+                if ( oldIE && typeof( e.number ) != "undefined" && e.number == -2147024891 ) {
+                    msg += "\nSee http://msdn.microsoft.com/en-us/library/ms537505(v=vs.85).aspx#xdomain";
+                }
+
+                $.console.log( "%s while making AJAX request: %s", e.name, msg );
 
                 request.onreadystatechange = function(){};