Workaround for break in IE10-11 cross domain Patch support

Workaround for break in IE10-11 cross domain Patch support

jQuery versions 1.6.0 - 1.10.2 provided support for making cross domain Patch requests in IE10 and IE11 using the jQuery.ajax() method (assuming all client and server settings are configured correctly for CORS). 

That support broke beginning with jQuery 1.11.1-rc1. A properly configured ajax request in IE10/11 now fails with "Error: Could not complete the operation due to error 8070000c." Stepping through the relevant jQuery code shows the underlying error being thrown as -2146828218, "Permission denied".

Importantly, requests appear to continue to work fine in Chrome, Firefox, Safari and other browsers on various platforms.

Looking at the code base, jQuery 1.10.2 used the following in selecting an xhr object. (Versions 1.6.0 through 1.10.x used similar but not exact implementations.)

  2. // Create the request object
  3. // (This is still attached to ajaxSettings for backward compatibility)
  4. jQuery.ajaxSettings.xhr = window.ActiveXObject ?
  5. /* Microsoft failed to properly
  6. * implement the XMLHttpRequest in IE7 (can't request local files),
  7. * so we use the ActiveXObject when it is available
  8. * Additionally XMLHttpRequest can be disabled in IE7/IE8 so
  9. * we need a fallback.
  10. */
  11. function() {
  12. return !this.isLocal && createStandardXHR() || createActiveXHR();
  13. } :
  14. // For all other browsers, use the standard XMLHttpRequest object
  15. createStandardXHR;

jQuery 1.11.1 changed the implementation:

  2. // Create the request object
  3. // (This is still attached to ajaxSettings for backward compatibility)
  4. jQuery.ajaxSettings.xhr = window.ActiveXObject !== undefined ?
  5. // Support: IE6+
  6. function() {

  8. // XHR cannot access local files, always use ActiveX for that case
  9. return !this.isLocal &&

  11. // Support: IE7-8
  12. // oldIE XHR does not support non-RFC2616 methods (#13240)
  13. // See http://msdn.microsoft.com/en-us/library/ie/ms536648(v=vs.85).aspx
  14. // and http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9
  15. // Although this check for six methods instead of eight
  16. // since IE also does not support "trace" and "connect"
  17. /^(get|post|head|put|delete|options)$/i.test( this.type ) &&

  19. createStandardXHR() || createActiveXHR();
  20. } :
  21. // For all other browsers, use the standard XMLHttpRequest object
  22. createStandardXHR;

The breaking difference appears to be the addition of  /^(get|post|head|put|delete|options)$/i.test( this.type ).

My question is two-fold.

First, is there a jQuery setting I can set or change in making cross domain Patch requests that will prevent the error from occurring? I understand I can revert to version 1.10.2 or modify and serve my own version of jQuery 1.11.x but both of these options are undesirable.

Second, I'm not sure I understand why "patch" is omitted from the list of items in the string above. Was it perhaps an oversight, leading to a bug? Or is it a justifiable omission?

Any help or thoughts would be greatly appreciated.