EDIT2: Just want to say thanks to everyone that helped me with this in the comments. After looking across a bunch of websites in IE11 and looking at their ajax requests it seems like many peoples requests are being blocked from cors and most code falls back to jsonp so I think we will do the same.
EDIT: This is not a duplicate of the other mentioned question because as I stated below I am not using with credentials therefore it is not trying to send domain cookies with the request and doesn't require a P3P header. I have confirmed this by checking the privacy section in IE and nothing is being blocked.
I do a cross domain request to my endpoint from another website. I have no problems in any browser but IE11. Chome, FF all versions etc work fine. I am not setting any custom headers so there is no preflight request. I also am not using allow credentials so I wouldn't think I need any P3P header but I also tried this with no luck.
I get an info message that says XMLHTTPRequest for https://xxx required Cross Origin Resource Sharing (CORS) in my console
I can see the in the network tab that the HTTP response comes back fine but just that my XMLHTTPRequest function returns a status code of zero and the response body is empty.
My request is to a node js server will headers set as below. I have tired many combinations without luck. In production and working with other browsers I have far less headers.
res.header('Access-Control-Allow-Origin', '*')
res.header('Access-Control-Allow-Headers', 'Overwrite, Destination, Content-Type, Depth, User-Agent, Translate, Range, Content-Range, Timeout, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control, Location, Lock-Token, If, Accept, Pragma')
res.header('Access-Control-Allow-Methods', 'GET, POST')
res.header('Access-Control-Expose-Headers', 'DAV, content-length, Allow')
res.header('P3P', `CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"`)
