SCRIPT5: Access is denied. in IE9

Hello, when trying to use RayGun from within IE9, we're getting a "SCRIPT5: Access is denied. in IE9" error on on the character 13608 of the Script that is including the raygun4js in our application. It's a long one liner that begins with:

(function(e){function n(e,n){return Object.p

Loction 13608 of that line is where the following code starts. Looks like it has to do with "withCredentials."

return r=new e.XMLHttpRequest,"withCredentials"in r?r.open(n,t,!0):e.XDomainRequest&&(E&&(t=t.slice(6)),r=new e.XDomainRequest,r.open(n,t)),r.timeout=1e4,r}function k(n,r){var i=w("POST",n,r);return"withCredentials"in i?(i.onreadystatechange=function(){4===i.readyState&&(202===i.status?h():F&&403!==i.status&&400!==i.status&&g(r))},i.onload=function(){J.log("logged error to Raygun")}):e.XDomainRequest&&(i.ontimeout=function(){F&&(J.log("Raygun: saved error locally"),g(r))},i.onload=function(){J.log("logged error to Raygun"),h()}),i.onerror=function(){J.log("failed to log error to Raygun")},i?(i.send(r),t):(J.log("CORS not supported"),t)}var S,b,T,O,j,C,R=TraceKit.noConflict(),A=e.Raygun,D=!1,E=!1,N=!1,F=!1,M=!1,U=!1,$={},_=[],I=[],L="https://api.raygun.io";n&&(C=n(document));var H={noConflict:function(){return e.Raygun=A,H},init:function(e,n,t){return S=e,R.remoteFetching=!1,$=t,n&&(E=n.allowInsecureSubmissions||!1,N=n.ignoreAjaxAbort||!1,U=n.disableAnonymousUserTracking||!1,n.debugMode&&(D=n.debugMode),n.ignore3rdPartyErrors&&(M=!0)),h(),H},withCustomData:function(e){return $=e,H},withTags:function(e){return _=e,H},attach:function(){return o()?(R.report.subscribe(y),C&&C.ajaxError(i),H):H},detach:function(){return R.report.unsubscribe(y),C&&C.unbind("ajaxError",i),H},send:function(e,n,t){try{y(R.computeStackTrace(e),{customData:"function"==typeof $?a($(),n)

Any thoughts on IE9?

---

Are you serving your site over HTTP, and have you turned on allowInsecureSubmissions? IE8/9 requires Raygun4JS to use insecure submission mode, to turn this on call:

Raygun.init('yourApiKey', { allowInsecureSubmissions: true });

If you're still seeing the error after this let us know.

---

Thanks, Callum, I successfully got IE9 to post errors to your service.

---

Actually, while all the errors are being sent, they're coming across as generic "Script error" messages in the RayGun console. The raw request looks like this:

    {
     "Error": {
          "Message": "Script error",
          "StackTrace": []
     },
     "Environment": {
          "UtcOffset": -5,
          "User-Language": "en-us",
          "Document-Mode": 9,
          "Browser-Width": 784,
          "Browser-Height": 790,
          "Screen-Width": 1600,
          "Screen-Height": 900,
          "Color-Depth": 24,
          "Browser": "Mozilla",
          "Browser-Name": "Microsoft Internet Explorer",
          "Browser-Version": "5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)",
          "Platform": "Win32"
     },
     "Client": {
          "Name": "raygun-js",
          "Version": "1.13.1"
     },
     "Tags": [],
     "Request": {
          "Url": "http://...",
          "QueryString": {},
          "Headers": {
               "User-Agent":"deleted"
          }
     },
     "Version": "Not supplied",
     "User": {
          "Identifier": "14",
          "Email": "n/a",
          "FullName": "Trey"
     }
}

I'm raising this via a test like this:

Raygun.send(new Error('this is a test error'));

EDIT: It seems to be doing the same thing from other browsers when the { allowInsecureSubmissions: true } is enabled.

---

From the looks of your dashboard, the majority of errors are being reported correctly containing correct stack traces and messages. For the ones which are being placed into Script Error, error reports which only contain that data can happen when errors occur in scripts hosted on non-origin servers. This is due to some browsers having security policies which don't allow the error data to be accessed.

To disable these errors on a best effort basis, set your options to this:

{
  allowInsecureSubmissions: true,
  ignore3rdPartyErrors: true
}

Again, this is browser and version dependent as implementations vary wildly.

---

The ones with the correct Stack Traces are coming from non-IE9 browsers while "allowInsecureSubmissions" isn't enabled.

The ones coming through as "Script Errors" aren't from a third party, they're some of the exact same errors coming through from the other browser like Chrome, but with the allowInsecureSubmissions set to true, though.

Maybe this won't be a problem when I put it on a staging server with HTTPS enabled. I'll try that next.

---